[2025-12-10 09:33:18.242] [DEBUG] [tid:127829042783936] (main_cnn.cpp:334) 启动 cnn预测及训练! [2025-12-10 09:33:18.244] [ERROR] [tid:127829042783936] (KafkaConsumer.cpp:173) Created consumer rdkafka#consumer-2 [2025-12-10 09:33:18.244] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:453) subscribe successed: Success [2025-12-10 09:33:43.081] [ERROR] [tid:127829042783936] (KafkaConsumer.cpp:89) RebalanceCb: Local: Assign partitions: [2025-12-10 09:33:43.081] [ERROR] [tid:127829042783936] (KafkaConsumer.cpp:79) analyzed_queue_cnn[0], [2025-12-10 09:33:43.081] [ERROR] [tid:127829042783936] (KafkaConsumer.cpp:79) analyzed_queue_cnn[1], [2025-12-10 09:33:43.081] [ERROR] [tid:127829042783936] (KafkaConsumer.cpp:79) analyzed_queue_cnn[2], [2025-12-10 09:36:50.952] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24307 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013650Z&X-Amz-Signature=517dbd69c3448536d56af14ba80d1be95c7dd1a419bcbb4b3a3eab3fa4add7be&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:36:50.953] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:36:50.953] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:36:54.063] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:36:54.063] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:36:54.063] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
09:36:54.063] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:36:54.068] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359414068, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:36:54.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:36:54.068] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24308 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl?X-Amz-Signature=85217d1b13eca35f8165aa1d9a2351acbfc99760b9b5e364144432de621b85fd&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013653Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:36:54.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:36:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:36:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:36:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:36:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:36:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:36:54.072] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359414072, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:36:54.072] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:36:57.155] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24736 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=906883d37e78a77d6288cb71476f04b8d749ecdd42ec48f1c104494ed33b296b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013656Z&X-Amz-Expires=604800"} [2025-12-10 09:36:57.155] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:36:57.155] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:36:57.155] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:36:57.155] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:36:57.155] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:36:57.155] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:36:57.159] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359417159, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:36:57.159] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:00.257] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24737 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl?X-Amz-Signature=69d7a46f3036a3e37a84de5361ae370307cf45c208fda95bfe2ac8850b28aeb6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013659Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:37:00.257] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:00.257] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:00.257] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:00.257] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:00.257] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:00.258] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:00.266] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359420265, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:00.266] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:03.360] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25979 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl?X-Amz-Date=20251210T013702Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4e77c1199af4c81a3aad1ff9a20d4845af15e957f440ca9be50553bd424d9eff"} [2025-12-10 09:37:03.360] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:03.360] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:03.360] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:03.360] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:03.360] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:03.360] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:03.365] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359423365, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:03.365] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:06.462] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25980 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013705Z&X-Amz-Expires=604800&X-Amz-Signature=8bdc464254bb11068a5916eb988d9087568b4b48f75a0995ede987e9fa605831&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:37:06.462] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:06.462] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:06.462] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:06.462] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:06.462] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:06.463] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:06.719] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359426718, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129728166655, "etime": 1726129728166655, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 37985, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:06.719] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:09.564] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25981 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=cd9b73d65a516779b77bb9eae829bbe28e35f1d8b4751503e66634c2953c0189&X-Amz-Date=20251210T013709Z"} [2025-12-10 09:37:09.564] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:09.564] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:09.564] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:09.564] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:09.564] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:09.565] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 09:37:09.634] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359429633, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129614772799, "etime": 1726129614772799, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 37301, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:09.634] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:12.665] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24738 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T013712Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d54adc8895178285c3e5b284c3ae86c3fa5565d999dd75fa60b92e0bb46d38ed"} [2025-12-10 09:37:12.666] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:12.666] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:12.666] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:12.666] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:12.666] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 09:37:12.667] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:12.777] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359432776, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129504208748, "etime": 1726129504208748, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 36634, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:12.777] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:15.767] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24309 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl?X-Amz-Signature=3ca10ed15c1cffcd6bbc1e588fe486104416fe7bb8f1f8d6cb8cf1e4bc4e9f12&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013715Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:37:15.767] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:15.767] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:15.768] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:15.768] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
09:37:15.768] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:15.769] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:15.871] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359435870, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129385695037, "etime": 1726129385695037, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 35946, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:15.871] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:18.869] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24310 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=106288cdda9a15fee0aed05d5157beb3f94e73564a60d7f94e1b26557897b28a&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T013718Z"} [2025-12-10 09:37:18.870] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 09:37:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:18.935] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359438934, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726121361002401, "etime": 1726121361002401, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 58744, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:18.935] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:21.971] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24311 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T013721Z&X-Amz-SignedHeaders=host&X-Amz-Signature=d0740bbbb9e60a0435c8ddc7f366b7ee433a591164a3af7dde53dfafe870ddc6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:37:21.971] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:21.971] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 
09:37:21.971] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:21.971] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:21.971] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:21.972] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:22.106] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359442106, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130543068344, "etime": 1726130543068344, "src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "src_port": 55098, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:22.106] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:25.072] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24312 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013724Z&X-Amz-Signature=c1262937001425a945c2da69888fac3ffe19d20c7f3e9fd327ef10607ce069db"} [2025-12-10 09:37:25.072] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 
09:37:25.072] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:25.072] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:25.072] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:25.073] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:25.073] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:25.214] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359445213, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129588557992, "etime": 1726129588557992, "src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "src_port": 40916, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:25.214] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:28.174] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25982 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl?X-Amz-Date=20251210T013727Z&X-Amz-Signature=c05496a780ede28cdab69048be26f8b34e2c9161ea7bd18d9ba17605410b22ab&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 
09:37:28.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:28.174] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:28.174] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:28.174] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:28.174] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:28.176] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:28.187] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359448186, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:28.187] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:31.274] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24313 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl?X-Amz-Signature=de28630815e2d92ed940b77d7581072fbe1aec2abebf5c1150770dae022f869e&X-Amz-Expires=604800&X-Amz-Date=20251210T013730Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:37:31.274] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 
0 [2025-12-10 09:37:31.274] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:31.275] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:31.275] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:31.275] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:31.276] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:31.284] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359451283, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:31.284] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:34.377] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24314 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ee1d2a1e40430811a653a5a34ab925620a41441a4c4e058c5a2bb044e0b47f5c&X-Amz-Date=20251210T013733Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:34.377] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:34.377] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 09:37:34.377] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:34.377] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:34.377] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:34.378] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:34.447] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359454446, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132156836026, "etime": 1726132156836026, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44876, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:34.447] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:37.479] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24315 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T013736Z&X-Amz-SignedHeaders=host&X-Amz-Signature=bdd8558013ad5ba10e6778a38bd6a174a7639900acb7390202049c299a5452a1&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:37.479] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) 
process model: 0 [2025-12-10 09:37:37.479] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:37.479] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:37.479] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:37.479] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:37.479] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:37.564] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359457564, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132238748089, "etime": 1726132238748089, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53322, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:37.564] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:40.579] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24316 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl?X-Amz-Date=20251210T013740Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=091cf4aa5b50f03ae3081812521f80f7569b1ddfeb06ae0a149dab543c6bed9e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:40.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:40.580] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:40.580] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:40.580] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:40.580] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:40.581] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:40.585] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359460585, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:40.585] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:43.681] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24739 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013743Z&X-Amz-Signature=f8680321ee5df75e2b8d2b243331d9a80571230c4201d1afc73ce89aafcdcf8b&X-Amz-Expires=604800"} [2025-12-10 09:37:43.681] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:43.682] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:43.682] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:43.682] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:43.682] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:43.683] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:43.688] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359463687, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:43.688] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:46.782] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25983 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl?X-Amz-Signature=afec1d0caa8e3d492e5a7a668a8da915e9751ec49018115ebb6b8b9c17e4c458&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T013746Z"} [2025-12-10 09:37:46.782] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:46.782] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:46.782] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:46.782] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:46.782] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:46.783] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:46.905] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359466905, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132198894650, "etime": 1726132198894650, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44900, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:46.905] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:49.884] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24740 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T013749Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5cf3d83bb001bd45ecd73dd497568b03e4d53bafe840cb1a4853c9f94728999d"} [2025-12-10 09:37:49.884] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:49.884] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:49.884] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:49.884] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:49.884] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:49.885] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:49.959] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359469959, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130487856048, "etime": 1726130487856048, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 38764, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:49.959] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:52.985] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24741 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl?X-Amz-Date=20251210T013752Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=afbf828b7ac6e8a19a41667460e1069cdcccd8c3e9d7dff9626584ad783b4345"} [2025-12-10 09:37:52.985] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:52.985] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:52.985] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:52.985] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:52.985] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:52.986] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:53.052] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359473051, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130530173006, "etime": 1726130530173006, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 47816, "dest_port": 51129, 
"protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:53.052] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:56.087] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24317 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=ba72e0235e38040ac876fe9d8e2dbc604bc6658f68b48fa075d8a2d3f42c2760&X-Amz-Date=20251210T013755Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:37:56.087] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:56.087] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:56.087] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:56.087] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:56.087] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:56.088] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:56.207] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359476207, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130578536187, "etime": 1726130578536187, "src_ip": 
"192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36538, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:56.207] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:37:59.188] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25984 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a9e86787d5d28014f635b7b612f24ee0980a597ef5fbc43206cd7d09207a94c2&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013758Z"} [2025-12-10 09:37:59.188] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:37:59.188] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:37:59.188] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:37:59.188] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:37:59.188] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:37:59.189] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:37:59.316] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359479316, "module": "anquanchu", 
"proto": "tls", "alerted": false, "details": [{"stime": 1726129515036169, "etime": 1726129515036169, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 34308, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:37:59.316] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:02.290] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24318 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=481ac899cefee4d8b54cbf803272ae9caca8b2988c974e95075f683b89944be4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013801Z&X-Amz-Expires=604800"} [2025-12-10 09:38:02.290] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:02.290] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:02.290] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:02.290] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:02.290] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:02.291] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:02.417] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359482416, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129584155492, "etime": 1726129584155492, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52090, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:02.417] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:05.392] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24319 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013804Z&X-Amz-Signature=f7b8de42e62626b3190f5ad0a9396a5523bc39eea99b60575cb9714fefc14f58&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:38:05.392] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:05.392] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:05.392] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:05.392] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:05.392] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:05.393] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:05.524] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359485523, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129632474958, "etime": 1726129632474958, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35708, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:05.524] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:08.493] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25985 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013807Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a59dce9b7dda5adfc0fb6ba85352ed78d2bb9229e584808f5870b3e06c3fbfb8"} [2025-12-10 09:38:08.493] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:08.493] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:08.493] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:08.493] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:08.493] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:08.494] [INFO] [tid:127829042783936] (AiModule.cpp:39) 
load result:0 [2025-12-10 09:38:08.624] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359488623, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232101567952, "etime": 1727232101567952, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49233, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:08.624] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:11.595] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24742 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl?X-Amz-Expires=604800&X-Amz-Signature=c1406ebc157bfdc42264814cf91ac160607f44fa1dc08969f9db4dc7add2c4b8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013811Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:38:11.595] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:11.595] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:11.595] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:11.595] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:11.595] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 09:38:11.596] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:11.724] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359491723, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212710677896, "etime": 1726212710677896, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50122, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:11.724] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:14.695] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24320 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013814Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f80a65604dd9847723efa361eb11c21073fc66b29ea40f3eb34b29f0b124f769&X-Amz-SignedHeaders=host"} [2025-12-10 09:38:14.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:14.695] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:14.696] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:14.696] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:14.696] 
[INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:14.696] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:14.785] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359494784, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727231967330495, "etime": 1727231967330495, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49196, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:14.785] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:17.796] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24321 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013817Z&X-Amz-Signature=d3d31eb84a74dbbbe1b5c73e31a5e54895712e4fffe15a4f3bf722e589d0251d"} [2025-12-10 09:38:17.796] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:17.796] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:17.796] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:17.797] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:17.797] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:17.797] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:17.911] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359497911, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208536491396, "etime": 1726208536491396, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42202, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:17.911] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:20.898] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24743 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013820Z&X-Amz-Signature=84f737eee9e57708444cb5f109baf24708f2710b82d8abb69c937857ef698786&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:38:20.898] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:20.898] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:20.899] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:20.899] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:20.899] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:20.900] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:20.976] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359500976, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130399635810, "etime": 1726130399635810, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 47642, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:20.976] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:23.999] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25986 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=8fcefc8c3fe96f60bc4713a9b266b8e61970f9207caf6ac74970e8a28090e914&X-Amz-Date=20251210T013823Z"} [2025-12-10 09:38:23.999] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:23.999] [INFO] [tid:127829042783936] 
(AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:23.999] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:23.999] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:23.999] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:24.000] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:24.114] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359504114, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308782057781, "etime": 1726308782057781, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43315, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:38:24.114] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:27.099] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25987 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=e8310005c671c84fe39001fafaa8b5c6671dddc361fc15a8dc2b80665ecc4ee7&X-Amz-Date=20251210T013826Z"} [2025-12-10 09:38:27.099] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 
0 [2025-12-10 09:38:27.099] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:27.099] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:27.099] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:27.099] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:27.100] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:27.104] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359507104, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:27.104] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:30.201] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24322 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl?X-Amz-Expires=604800&X-Amz-Signature=1aa5240baa906f1516d1142bf5569af71962361ee59d6b9d0837c9a32406ed32&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013829Z"} [2025-12-10 09:38:30.201] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:30.201] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:30.201] 
[INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:30.201] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:30.201] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:30.201] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:30.204] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359510204, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:30.204] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:33.302] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25988 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl?X-Amz-Signature=50135028971c181fda57b6fc9c67669b85e5fa0f13c2aac618a58f8e73bf3bf6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013832Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:38:33.302] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:33.302] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:33.302] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:33.302] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 09:38:33.302] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:33.302] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:33.307] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359513306, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:33.307] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:36.404] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25989 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013835Z&X-Amz-Signature=79f990ba72b95e244fb1ece7136452450bb53601d7059bf763d4ad892afe6c82&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:38:36.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:36.404] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:36.404] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:36.404] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:36.404] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for 
load [2025-12-10 09:38:36.404] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:36.408] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359516408, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:36.408] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:39.505] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25990 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T013838Z&X-Amz-SignedHeaders=host&X-Amz-Signature=84a447f72d72ee7d93aae20771d1df21a604e5fccd525c34cf80c025e0fd4dda"} [2025-12-10 09:38:39.506] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:39.506] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:39.506] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:39.506] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:39.506] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:39.507] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
09:38:39.514] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359519513, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:39.514] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:42.608] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24744 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl?X-Amz-Date=20251210T013842Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=216214dd946d63b1873f5ed2fe0a0df8c312474734935db40869ce367d75fc08&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:38:42.608] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:42.608] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:42.608] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:42.608] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:42.608] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:42.608] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:42.614] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359522614, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:42.615] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:45.710] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24745 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3aefb917838c9f7cc83147d85031e0c54dd93fd1f0aee46ed026eff284ceb55f&X-Amz-Date=20251210T013845Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:38:45.710] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:45.710] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:45.710] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:45.710] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:45.710] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:45.711] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:45.719] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359525718, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:45.719] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:48.811] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24746 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=2330991b94eaeb509ba812aca549271014c6c4a1c1d0f05e6f65ff9bad5dab25&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013848Z"} [2025-12-10 09:38:48.811] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:48.811] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:48.812] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:48.812] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:48.812] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:48.813] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:48.822] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359528821, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:48.822] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:51.913] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25991 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=26e4c3ac7fac8a9be2460dd73add2b1e182f48c03d6e048afa4814b41ee3336f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013851Z"} [2025-12-10 09:38:51.913] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:51.913] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:51.913] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:51.913] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:51.913] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:51.914] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:51.922] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359531921, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:51.922] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:55.014] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25992 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013854Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6d2e7df5ff2a092acb9371b1a93defe82b29434a935e73e88ddb0d2186e9f8e1"} [2025-12-10 09:38:55.014] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:55.014] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:55.014] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:55.014] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:55.014] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:55.015] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:55.024] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359535023, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:55.024] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:38:58.115] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25993 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bdae278db65638a9cb89aaeccdf0e17ad92fc9ea6fa1ccc1727f5e1ca7466631&X-Amz-Date=20251210T013857Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:38:58.115] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:38:58.115] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:38:58.116] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:38:58.116] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:38:58.116] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:38:58.117] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:38:58.124] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359538123, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:58.124] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:01.218] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24747 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013900Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b29e19cc0543ceed0b84e27357b8ddf15679e7376323a4a46e47788899133a52"} [2025-12-10 09:39:01.218] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:01.218] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:01.218] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:01.218] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:01.218] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:01.219] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:01.227] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359541226, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:01.227] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:04.320] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24323 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=02cc4943d0c301d733f00ffbaca91c2a2cb93026b179970aa6fe823b4aca1593&X-Amz-Expires=604800&X-Amz-Date=20251210T013903Z"} [2025-12-10 09:39:04.320] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:04.320] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:04.320] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:04.320] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:04.320] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:04.321] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:04.330] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359544329, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:04.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:07.421] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25994 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl?X-Amz-Expires=604800&X-Amz-Signature=d26144a890d78e397782e9b876129e9078949f4f6b37fcd2c62a2d2aeb386c98&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013906Z"} [2025-12-10 09:39:07.422] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:07.422] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:07.422] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:07.422] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:07.422] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:07.423] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:07.431] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359547431, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:07.431] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:10.523] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25995 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=08971428d71b36f6e1d230d44b00a0e53ac3cabb58eb3a8651d97f99c2197df1&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013910Z"} [2025-12-10 09:39:10.523] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:10.523] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:10.523] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:10.523] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:10.523] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:10.524] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:10.532] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359550531, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:10.532] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:13.624] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24324 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=60afaa26bbb8943f3e1a09a29f431bd630bfbea5bf0c9ca26d93e30ea5684abb&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013913Z&X-Amz-Expires=604800"} [2025-12-10 09:39:13.624] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:13.624] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:13.624] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:13.624] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:13.624] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:13.625] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:13.632] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359553631, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:13.632] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:16.726] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25996 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T013916Z&X-Amz-Signature=eee1e3a47f2727a789d78dacdef18a9fd5ece3b3cf95c786cdba34f901e8d44c&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:16.726] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:16.726] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:16.726] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:16.726] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:16.726] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:16.727] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:16.736] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359556735, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:16.736] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:19.828] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25997 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T013919Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=29fb0223da24ae1bf1feab9b267d5f7133a7cb51d7f9b668a991ec3968d8748c"} [2025-12-10 09:39:19.828] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:19.828] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:19.828] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:19.828] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:19.828] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:19.829] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:19.837] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359559836, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:19.837] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:22.930] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25998 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=359f745a536ffd30d357c2e4273d6428d119b66d58d25fa6830f740ae6d3b2b4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013922Z"} [2025-12-10 09:39:22.930] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:22.930] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:22.930] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:22.930] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:22.930] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:22.931] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:22.939] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359562938, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:22.939] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:26.031] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24748 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013925Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b83aecae7881b624d06e6d3b9e9eeb26eee711820a1cdb7f342a0269b1ca9760"} [2025-12-10 09:39:26.031] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:26.031] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:26.031] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:26.031] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:26.031] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:26.032] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:26.040] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359566040, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:26.040] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:29.133] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24749 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl?X-Amz-Date=20251210T013928Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=92b8e43aec55ea1b6b6f728b7db4cd1a92d7a2d178ecc21b538960ba368cca99"} [2025-12-10 09:39:29.133] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:29.133] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:29.133] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:29.133] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:29.133] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:29.134] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:29.143] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359569142, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:29.143] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:32.234] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24325 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl?X-Amz-Expires=604800&X-Amz-Signature=922bd6fc3f07b283381a856a07cca4b6a951751d3792f5c7ae59303e1bbd8756&X-Amz-Date=20251210T013931Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:39:32.235] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:32.235] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:32.235] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:32.235] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:32.235] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:32.236] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:32.309] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359572309, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1725955218411554, "etime": 1725955218411554, "src_ip": "192.168.52.129", "dest_ip": "192.168.52.1", "src_port": 443, "dest_port": 21041, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:32.309] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:35.336] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 25999 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T013934Z&X-Amz-Signature=360d7cce7afc8c4302e106e75b747555ec0735490586fc7ee843ec91949c3365"} [2025-12-10 09:39:35.336] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:35.336] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:35.336] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:35.336] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:35.336] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:35.337] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 09:39:35.343] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359575343, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:35.343] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:38.436] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24326 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013937Z&X-Amz-Expires=604800&X-Amz-Signature=d1ffa54f69a0e38a90a29a1376585a9b71c99d22d3b8e60e79045e105e589377"} [2025-12-10 09:39:38.437] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:38.437] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:38.437] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:38.437] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:38.437] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:38.438] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:38.512] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359578512, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726045047324732, "etime": 1726045047324732, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49264, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:38.513] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:41.538] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26000 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=792a13d5fa1afea3778ada5289c8796bb6107ae7ac0fe835bf2be7116753f056&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013941Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:39:41.538] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:41.538] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:41.538] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:41.538] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:41.538] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:41.538] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:39:41.602] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359581601, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726043314857611, "etime": 1726043314857611, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49235, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:41.602] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:44.639] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24750 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl?X-Amz-Expires=604800&X-Amz-Signature=aba24d98c48e34ec7f4bfb5e4725e16554e9b179335b2054281542d50cc3ffee&X-Amz-Date=20251210T013944Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:44.640] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:44.640] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:44.640] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:44.640] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:44.640] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:44.640] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:44.756] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359584755, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726040470461471, "etime": 1726040470461471, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49217, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:44.756] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:47.740] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24327 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013947Z&X-Amz-Expires=604800&X-Amz-Signature=555697564d50cb454b9e62354d2b040396845e35e9abae28919076f7b722b2e4&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:47.740] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:47.740] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:47.740] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:47.740] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:47.740] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:47.740] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:47.808] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359587807, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726039121341960, "etime": 1726039121341960, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49204, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:47.808] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:50.841] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24328 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl?X-Amz-Date=20251210T013950Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=cc4cf515290e592d9fd9c5a2c50c1c0ecd8802c8c2bd76259bf8860344ec93ca&X-Amz-Expires=604800"} [2025-12-10 09:39:50.842] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:50.842] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:50.842] 
[INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:50.842] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:50.842] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:50.843] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:50.968] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359590968, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726044658246049, "etime": 1726044658246049, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49259, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:50.968] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:53.943] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24751 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl?X-Amz-Signature=1dc78c2c5c231ddeb301063f6b4a9091f3326e14c34ef055c941a343a71dd3f4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013953Z&X-Amz-Expires=604800"} [2025-12-10 09:39:53.943] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) 
process model: 0 [2025-12-10 09:39:53.943] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:53.943] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:53.943] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:53.943] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:53.944] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:54.070] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359594069, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726045043846022, "etime": 1726045043846022, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49263, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:54.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:39:57.044] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26001 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=04c47bb2484b50a25ea5e7db1699118572a78dd72c47e80ba85cc0b005e47831&X-Amz-Date=20251210T013956Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:39:57.044] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:39:57.044] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:39:57.044] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:39:57.044] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:39:57.044] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:39:57.045] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:39:57.165] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359597165, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726043311975271, "etime": 1726043311975271, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49234, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:39:57.165] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:00.147] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[0] at offset 24752 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013959Z&X-Amz-Signature=cd65102fc3199b3be14648059c560d4eae7b3ba20f5e69f2d4d89de4c6e3fa02&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:40:00.147] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:00.147] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:00.147] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:00.147] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:00.147] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:00.148] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:00.274] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359600273, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129146973654, "etime": 1726129146973654, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56136, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:40:00.274] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:03.248] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26002 key: NULL 
payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014002Z&X-Amz-Expires=604800&X-Amz-Signature=b926852a8a9d79273458a0d3fe0a364a23612c47295dc6f41addeb325a170245"} [2025-12-10 09:40:03.248] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:03.248] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:03.249] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:03.249] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:03.249] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:03.250] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:03.257] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359603257, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:03.258] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:06.349] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24753 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=7cf5a6ba4d0686bb263f3aa2490ae85584606ca4907dfc1f31507695832e9b06&X-Amz-Expires=604800&X-Amz-Date=20251210T014005Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:40:06.349] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:06.349] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:06.349] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:06.349] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:06.349] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:06.350] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:06.359] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359606358, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:06.359] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:09.451] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24754 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl?X-Amz-Signature=4f667e3aadf4ed6d4600251e23fb290c0429c2ed076b543db86d36810ccfb00e&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014008Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:40:09.451] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:09.451] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:09.451] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:09.451] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:09.451] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:09.452] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:09.458] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359609457, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:09.458] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:12.553] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24329 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4eaa495cff0f3e703f3ee77609d44c4460e115746556c6f4a326e4cf3df340a7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014012Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:12.554] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:12.554] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:12.554] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:12.554] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:12.554] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:12.554] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:12.559] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359612558, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:12.559] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:15.654] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24755 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=40639dc79e198456a3d752867ed128c4ed1772b51ed8d45ca1a49d1b27e81a62&X-Amz-Date=20251210T014015Z"} [2025-12-10 09:40:15.655] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:15.655] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:15.655] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:15.655] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:15.655] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:15.655] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:15.661] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359615660, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:15.661] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:18.757] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26003 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4d8cc41c8aea9c92fc07ae92f96a9482ff1e7bd3e43df8fb606bd12fea4cabf2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014018Z"} [2025-12-10 09:40:18.757] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:18.757] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:18.757] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:18.757] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:18.757] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:18.758] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:18.767] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359618766, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:18.767] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:21.858] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26004 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=15851ccd861791ecb9232db928ae5086a2a2393293740b703945911c880de2c6&X-Amz-Expires=604800&X-Amz-Date=20251210T014021Z"} [2025-12-10 09:40:21.858] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:21.858] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:21.859] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:21.859] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:21.859] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:21.860] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:21.865] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359621865, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:21.865] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:24.960] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26005 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl?X-Amz-Date=20251210T014024Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=aa671aaaa6a8f7991c1d3582f51226fc8e8302981dafd2f17cfc973f94593bc2"} [2025-12-10 09:40:24.960] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:24.960] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:24.960] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:24.960] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:24.960] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:24.961] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:24.967] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359624966, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:24.967] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:28.062] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24756 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T014027Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3ceaa46709a154fe0bcc796fc1557fa7d31a79ee7162c7ceff92fc350bd3b1a9&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:40:28.062] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:28.062] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:28.062] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:28.062] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:28.062] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:28.064] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:28.072] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359628071, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:28.072] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:31.163] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24330 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl?X-Amz-Date=20251210T014030Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=319daa724905163bcf21a356054f35925f7b8ccdc9cdb304c61bb559e3fbfa63"} [2025-12-10 09:40:31.163] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:31.163] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:31.164] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:31.164] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:31.164] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:31.165] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:31.174] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359631173, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:31.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:34.265] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24757 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl?X-Amz-Date=20251210T014033Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=7230cc441260825b87e24ae04f7e6714b97777fd76fc6da05056735f6cd17b2d"} [2025-12-10 09:40:34.265] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:34.265] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:34.266] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:34.266] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:34.266] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:34.267] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:34.274] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359634274, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:34.275] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:37.366] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24331 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014036Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=10ad9b8399ab7bbbd7397a0dd26758c45f968db52733e1159d10edc84f5bef3c&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:37.367] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:37.367] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:37.367] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:37.367] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:37.367] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:37.368] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:37.376] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359637375, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:37.376] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:40.468] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26006 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl?X-Amz-Signature=e4ac24b7f9e930055e1890a13071e2a9d87686c236e3adf82c37e1eebdfb5bbf&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014039Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:40:40.468] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:40.468] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:40.468] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:40.468] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:40.468] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:40.469] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:40.477] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359640476, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:40.477] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:43.570] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24332 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl?X-Amz-Date=20251210T014043Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a0167f6877a3bd901ec915ffcb1eea1c4c35dc45cd7bdf8c60e6c5f1034b0612"} [2025-12-10 09:40:43.570] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:43.570] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:43.570] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:43.570] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:43.570] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:43.570] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:43.574] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359643574, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:43.574] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:46.672] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24758 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl?X-Amz-Date=20251210T014046Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=fa8bd467a3b3ced13a728adeec2115b5fbf985f73b74d8b4e2a36e203be6a283"} [2025-12-10 09:40:46.672] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:46.672] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:46.672] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:46.672] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:46.672] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:46.672] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:46.741] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359646741, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726018234032888, "etime": 1726018234032888, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11584, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:40:46.741] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:49.773] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[2] at offset 24333 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl?X-Amz-Signature=9fab94fa02803b4dcd6c11b4ec1ba47e4f86f55de4f3fe93205d06196915f42c&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014049Z"} [2025-12-10 09:40:49.773] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:49.773] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:49.774] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:49.774] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:49.774] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:49.774] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:49.884] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359649884, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727254863413480, "etime": 1727254863413480, "src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "src_port": 20846, "dest_port": 54340, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:40:49.884] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:52.875] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24759 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014052Z&X-Amz-Expires=604800&X-Amz-Signature=08ac8d5b71ea8b567cf21f884f35b5f2e51f5dcd63ce8282ab45cbd1c3c660df&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:40:52.875] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:52.875] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:52.875] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:52.875] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:52.875] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:52.876] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:52.880] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359652880, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:52.880] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:55.976] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26007 key: 
NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl?X-Amz-Signature=cb15b888546aae391c5611d5b29a5651e7cc93664bdb601495bce1b576523e1b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014055Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:55.976] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:55.976] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:55.976] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:55.976] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:55.976] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:55.977] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:55.981] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359655980, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:55.981] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:40:59.078] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24760 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a9eac2f9416fdb842c2d087b799e5433edfc848b61b3678a5285d30a8a8c43a8&X-Amz-Date=20251210T014058Z"} [2025-12-10 09:40:59.078] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:40:59.078] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:40:59.078] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:40:59.078] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:40:59.078] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:40:59.078] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:40:59.084] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359659083, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:59.084] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:02.179] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24334 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl?X-Amz-Signature=204415d29065d31754f9a10ba2d6f8998ca3fd6a3714cd49561966d146d4605c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014101Z"} [2025-12-10 09:41:02.179] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:02.179] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:02.180] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:02.180] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:02.180] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:02.181] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:02.306] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359662305, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192244656637, "etime": 1726192244656637, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11473, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:02.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:05.281] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[2] at offset 24335 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014104Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2533aae850b5c6041450c6d3c5cacafedfab6a4a5724a080bdb167c31d8581c4"} [2025-12-10 09:41:05.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:05.281] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:05.281] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:05.282] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:05.282] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:05.282] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:05.290] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359665290, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:05.290] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:08.383] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26008 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4fc9d143de4aa3bd7c20dc6393a381c9ed2398550c8fc6fd7b15f5d40ed8de2e&X-Amz-Date=20251210T014107Z"} [2025-12-10 09:41:08.383] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:08.383] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:08.383] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:08.383] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:08.383] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:08.383] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:08.388] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359668387, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:08.388] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:11.484] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26009 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014110Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2a0ca7e1354b19213f24011d35974fa35a499fbea881d1035131f373e0a8c89a"} [2025-12-10 09:41:11.485] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:11.485] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:11.485] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:11.485] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:11.485] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:11.493] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:11.578] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359671578, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193408707486, "etime": 1726193408707486, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13283, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:11.578] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:14.586] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[2] at offset 24336 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl?X-Amz-Date=20251210T014114Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=e3c646695d840db4ea799b6b56a4dc2504e041a09ae155ffc9bdf9f487d4a0bd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:41:14.586] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:14.586] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:14.586] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:14.586] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:14.586] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:14.587] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:14.694] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359674693, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726018581059153, "etime": 1726018581059153, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 12200, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:14.694] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 
09:41:17.686] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24337 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=169335ebb3a82fed771a88ef57eed62ce978726f18680c33981928a6210919bc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014117Z"} [2025-12-10 09:41:17.687] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:17.687] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:17.687] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:17.687] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:17.687] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:17.687] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:17.755] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359677754, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726018536049428, "etime": 1726018536049428, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 12200, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:17.755] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:20.788] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24761 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014120Z&X-Amz-Signature=f5c123e017f066485af532ff5b72ea74a199b701dfa2c68e70b25c1c9e85d161&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:20.788] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:20.788] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:20.788] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:20.788] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:20.788] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:20.789] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:20.913] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359680913, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192481442874, "etime": 1726192481442874, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11853, "dest_port": 38483, 
"protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:20.913] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:23.890] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24338 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=feaa6a71da7fbe762217794fb36775c9e6e9a8904c0b09d46707b57c3b35c16c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014123Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:41:23.890] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:23.890] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:23.890] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:23.890] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:23.890] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:23.891] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:23.965] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359683965, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726042673445463, "etime": 
1726042673445463, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42674, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:23.965] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:26.992] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24339 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014126Z&X-Amz-SignedHeaders=host&X-Amz-Signature=33038045ff29496978869c200932f65a6b4edb49bf53511138b820e7b0038423&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:41:26.992] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:26.992] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:26.992] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:26.992] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:26.992] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:26.993] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:27.108] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359687108, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726042673460671, "etime": 1726042673460671, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42675, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:27.108] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:30.095] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26010 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl?X-Amz-Signature=93f115addbcb363c94d775b412cf3c968b8e13f8d7fc3bac30f05afadc9dde23&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014129Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:30.095] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:30.095] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:30.095] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:30.095] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:30.095] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:30.096] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:30.223] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359690223, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726042673445463, "etime": 1726042673445463, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42677, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:30.224] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:33.195] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26011 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014132Z&X-Amz-Signature=1ea6d36b6527ba4f2fb7707563c42279ddf5bf10cf931a66942bf802b90520e6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:33.196] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:33.196] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:33.196] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:33.196] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:33.196] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:33.197] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:33.325] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359693324, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726042729792111, "etime": 1726042729792111, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42676, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:33.325] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:36.298] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24340 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014135Z&X-Amz-Signature=699a6e49ad6b31ab41a87d675f419c7c2fd5169519b8329a0858ebd26d70a7cd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:41:36.298] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:36.298] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:36.298] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:36.298] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:36.298] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:36.299] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 09:41:36.424] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359696424, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1725954691054507, "etime": 1725954691054507, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 19948, "dest_port": 38483, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:36.424] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:39.400] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24762 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014138Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f327187ba9638238b9964cf62b486850ccff79ec41b48fd0413347f0ff57e0ac&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:41:39.400] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:39.400] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:39.400] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:39.400] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:39.401] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:39.401] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
09:41:39.527] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359699527, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212841536391, "etime": 1726212841536391, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50185, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:39.527] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:42.502] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24763 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014142Z&X-Amz-Signature=8990872d6ede220873f2416b4bc1a58d33d9e70b7d2aaaceacbc1c35c51538f5&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:42.502] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:42.502] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:42.502] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:42.502] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:42.502] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:42.503] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 09:41:42.616] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359702616, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727254938161916, "etime": 1727254938161916, "src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "src_port": 20846, "dest_port": 54340, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:42.617] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:45.602] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24341 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl?X-Amz-Signature=9b5799e5d7a4b000f4bacc2198fe19821502b7738e301b81c277193bc111b493&X-Amz-Expires=604800&X-Amz-Date=20251210T014145Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:41:45.602] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:45.602] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:45.603] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:45.603] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:45.603] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:45.604] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:45.686] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359705685, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627265769114, "etime": 1726627265769114, "src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "src_port": 8080, "dest_port": 54842, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:45.686] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:48.703] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26012 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014148Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=fd6bb308de6b97a0e49d22fc0a9f1d6460f4d81761a51f4a25a74585831d8179"} [2025-12-10 09:41:48.703] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:48.703] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:48.703] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:48.703] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:48.703] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args 
for load [2025-12-10 09:41:48.704] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:48.828] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359708827, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627265768974, "etime": 1726627265768974, "src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "src_port": 8080, "dest_port": 54843, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:41:48.828] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:51.805] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24342 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014151Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cd19ef531625cc47a8f4d7c1e74432c39a3b5ac275842e2886e98e024ba1c079&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:41:51.805] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:51.805] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:51.805] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:51.805] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
09:41:51.805] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:51.806] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:51.815] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359711814, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:51.815] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:54.905] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26013 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6dc5fac12070548b200f93d2e3d92a0ed3f7644543578c5d671c65d9d30207c1&X-Amz-Date=20251210T014154Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:41:54.905] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:54.905] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:54.906] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:54.906] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:54.906] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 09:41:54.906] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:41:54.913] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359714912, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:54.913] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:41:58.007] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24764 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl?X-Amz-Expires=604800&X-Amz-Signature=94a2a3313061af3455dd69922398036b43e133c8ef3c1275b7295354a0d33002&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014157Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:58.008] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:41:58.008] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:41:58.008] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:41:58.008] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:41:58.008] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:41:58.009] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 09:41:58.017] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359718016, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:58.017] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:42:01.109] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24343 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl?X-Amz-Expires=604800&X-Amz-Signature=010862c401afcb29eaff35a337b4c6eaf8eaa20bf10876acb1637dacdff5adca&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014200Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:42:01.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:01.109] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:01.110] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:01.110] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:01.110] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:01.111] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:01.119] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359721118, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:42:01.119] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:42:04.211] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24344 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl?X-Amz-Date=20251210T014203Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f1748538c0f064094b135d0f8b1f03376ab1e4cf85b8025403eb773530aa9b37&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:42:04.211] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:04.211] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:04.212] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:04.212] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:04.212] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:04.213] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:04.221] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359724220, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:42:04.221] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:42:07.313] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24345 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl?X-Amz-Signature=8e5ff752c3df7e201f6a2f99e002ffe022a696e8a89c06bc5ecd6e0c35a4680f&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014206Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:07.313] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:07.313] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:07.314] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:07.314] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:07.314] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:07.315] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:07.444] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359727444, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800660944253, "etime": 1726800660944253, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51265, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:07.444] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:07.444] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:07.444] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:10.416] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26014 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=b56374da86e275dafb893e31e9208e2ffd5a0377ba1befc4a8f997c013039184&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014209Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:42:10.416] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:10.416] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:10.416] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:10.416] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:10.416] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:10.417] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:10.551] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359730550, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813550942625, "etime": 1726813550942625, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51762, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:10.551] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:10.551] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:10.551] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:42:13.518] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24346 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014213Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=26d441b2fadafcbc92d797afaf25b1a1e04de3aa9b1d22942e08593a56faa143&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:42:13.519] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:13.519] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:13.519] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:13.519] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:13.519] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:13.520] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:13.649] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359733648, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726816544146461, "etime": 1726816544146461, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51865, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
09:42:13.649] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:13.649] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:13.649] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:16.621] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24347 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f83ed4fe5d6cdec126fdf75fa353211cb6ad53ae476b3ee08f92b8fd8cf79c0d&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014216Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:16.621] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:16.621] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:16.622] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:16.622] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:16.622] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:16.623] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:16.748] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, 
"timestamp": 1765359736747, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726816695962690, "etime": 1726816695962690, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51871, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:16.748] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:16.748] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:16.748] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:19.723] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24348 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=01182fa0cb32211afe0a0fc6d42a4d754023bb16704d4fce94d65fd1ee234729&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014219Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:19.724] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:19.724] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:19.724] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:19.724] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:19.724] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:19.725] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:19.854] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359739854, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795427218369, "etime": 1726795427218369, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51109, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:19.854] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:19.854] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:19.854] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:22.827] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26015 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl?X-Amz-Signature=4f8a274385a967a8eee673a441977393079466e928b9e149d143f7776bdc29e9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014222Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:22.827] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:22.827] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:22.827] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so 
module so_code_cnn [2025-12-10 09:42:22.827] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:22.827] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:22.828] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:22.957] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359742957, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795578971037, "etime": 1726795578971037, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51115, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:22.957] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:22.957] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:22.957] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:42:25.929] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26016 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014225Z&X-Amz-Signature=86caee3c8914dae711248364072df043fc6c4df3b00ca0ac638f8b6006e2def7&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:25.929] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:25.929] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:25.929] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:25.929] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:25.929] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:25.930] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:26.067] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359746067, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726815043086014, "etime": 1726815043086014, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51817, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:26.067] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:26.067] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:26.067] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:29.032] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24765 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014228Z&X-Amz-Expires=604800&X-Amz-Signature=efc826b1770f0503465df43c0bec539c27dddd95591ecbbd88742c3076068cac&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:42:29.032] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:29.032] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:29.032] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:29.032] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:29.032] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:29.033] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:29.148] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 
1765359749148, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813641874483, "etime": 1726813641874483, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51765, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:29.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:29.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:29.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:32.135] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26017 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6738c87d832bf2c478380c0efb4139162ae0694c94d4995bfd757c3908984a5a&X-Amz-Date=20251210T014231Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:42:32.135] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:32.135] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:32.135] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:32.135] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:32.135] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:32.136] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:32.264] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359752263, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813793688295, "etime": 1726813793688295, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51771, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:32.264] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:32.264] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:32.264] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:35.238] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24349 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014234Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e17e206b623cec458888f3a4cae6e49afb6528a7a0762a502e7bb11b7dee46f6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:35.238] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:35.238] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:35.239] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so 
module so_code_cnn [2025-12-10 09:42:35.239] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:35.239] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:35.240] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:35.370] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359755369, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799511389872, "etime": 1726799511389872, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51219, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:42:35.370] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:35.370] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:35.370] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:42:38.340] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26018 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014237Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a61701e70246b921c8793a94ca91245d771e83b41d4854b506235cdb993d8fe3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:38.340] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:38.340] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:38.340] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:38.341] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:38.341] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:38.341] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:38.463] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359758463, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799663177744, "etime": 1726799663177744, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51225, "dest_port": 446, "protocol": "tls", "result": 
"CobaltStrike"}]} [2025-12-10 09:42:38.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:38.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:38.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:41.444] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26019 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014240Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=d2335a212c2a3f1c3f752569cba045cf50bdef3243acb5d80dd9ab99ea2468f6"} [2025-12-10 09:42:41.444] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:41.445] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:41.445] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:41.445] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:41.445] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:41.446] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:41.574] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765359761573, 
"module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726627266097915, "etime": 1726627266097915, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54847, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 09:42:41.574] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:42:41.574] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:41.574] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:42:44.548] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24766 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=8e4fff2add02c5bd12e7c543db7d7aac3aa38a9ce3ee546550fb0fa65605a615&X-Amz-Date=20251210T014244Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:42:44.548] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:44.548] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:44.548] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:44.548] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:44.548] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:44.549] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:44.676] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359764675, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308954434671, "etime": 1726308954434671, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43320, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:42:44.676] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:42:47.649] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26020 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014247Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f3f6923554791dbeca9faecfce7a2c3994171df2899b871f3615504bb6a27510"} [2025-12-10 09:42:47.649] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:47.649] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:47.650] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:47.650] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:47.650] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:47.651] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
09:42:47.780] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359767779, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726204637187979, "etime": 1726204637187979, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41406, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:42:47.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:42:50.751] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24767 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl?X-Amz-Date=20251210T014250Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=985283471a800ea25b1157b0c979bcdd148f9de712310ef7de1f491bb3e7207f"} [2025-12-10 09:42:50.751] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:50.751] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:50.751] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:50.751] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:50.751] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:50.752] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:50.884] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359770884, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206262355792, "etime": 1726206262355792, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41741, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:42:50.884] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:42:53.853] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26021 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl?X-Amz-Signature=9e0b78d2a04f35cf6c8dd65d4ef0aebb03043af134736eb468686d52ede2fed6&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014253Z"} [2025-12-10 09:42:53.853] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:53.853] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:53.853] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:53.853] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:42:53.853] [INFO] [tid:127829042783936] (AiModule.cpp:29) 
prepare args for load [2025-12-10 09:42:53.854] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:53.983] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359773982, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726204301478595, "etime": 1726204301478595, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41359, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:42:53.983] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:42:56.955] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24768 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl?X-Amz-Date=20251210T014256Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=733500ecac0a6b0af91dbcce10711dfbed6530cdac68f0453206d70190745804&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:42:56.955] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:42:56.955] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:42:56.956] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:42:56.956] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
09:42:56.956] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:42:56.957] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:42:57.087] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359777086, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206210302763, "etime": 1726206210302763, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41729, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:42:57.087] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:00.057] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24769 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl?X-Amz-Date=20251210T014259Z&X-Amz-Signature=c6f7f6ae2333426e1e6caa0d285a7a3927737e145dfbaf351d1b546456086a6d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:43:00.057] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:00.057] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:00.057] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:00.057] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:00.057] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:00.058] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:00.191] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359780191, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726204676155207, "etime": 1726204676155207, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41419, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:00.192] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:03.159] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24350 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014302Z&X-Amz-Expires=604800&X-Amz-Signature=c45b09c2359ffcf31b50009bf8a81be1801b3287150779d320b2853f22e1ff90&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:43:03.159] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:03.159] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:03.159] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so 
module so_code_cnn [2025-12-10 09:43:03.159] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:03.159] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:03.160] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:03.283] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359783283, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206276513202, "etime": 1726206276513202, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41744, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:03.283] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:06.260] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26022 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014305Z&X-Amz-Signature=1dbbd8f3e678295bc37a55aa6619936a394408a7612626d21936daa85f1f0440&X-Amz-Expires=604800"} [2025-12-10 09:43:06.260] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:06.260] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib 
[2025-12-10 09:43:06.261] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:06.261] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:06.261] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:06.262] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:06.269] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359786269, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:06.269] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:09.361] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26023 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014308Z&X-Amz-Signature=c94fbaf8b75bb5dbdb84e77d3c0a78781f040637a521bd315534a348db97d85e&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:09.362] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:09.362] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:09.362] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 09:43:09.362] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:09.362] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:09.363] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:09.370] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359789370, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:09.370] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:12.463] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24351 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl?X-Amz-Signature=9dfbc6682fc63e4fe6c8ed5c5cf808afbdf989247950a8e5561806c2ecd60aaf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014311Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:43:12.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:12.463] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:12.463] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:12.463] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load 
[2025-12-10 09:43:12.463] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:12.464] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:12.472] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359792471, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:12.472] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:15.565] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26024 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl?X-Amz-Signature=22446a06a329290af88aa035bcf755a961fe8da2d5099b5379de122a196d0fe8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014315Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:15.565] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:15.565] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:15.565] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:15.565] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:15.565] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
09:43:15.566] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:15.574] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359795574, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:15.574] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:18.666] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26025 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=068d67db15f37a84d400a2ff3cd94b5e80da0024dcff9c005a2b245c0ffbc899&X-Amz-Date=20251210T014318Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:18.666] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:18.666] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:18.667] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:18.667] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:18.667] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:18.668] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:18.675] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359798675, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:18.675] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:21.768] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24352 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=b0e6c615bf788e6c017babf0ff0696eda49cab8d7a2bbdb468c2f38604fd9ffc&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014321Z"} [2025-12-10 09:43:21.768] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:21.768] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:21.769] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:21.769] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:21.769] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:21.769] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:21.892] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359801891, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726196706964692, "etime": 1726196706964692, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 57515, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:21.892] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:24.872] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24770 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl?X-Amz-Date=20251210T014324Z&X-Amz-Expires=604800&X-Amz-Signature=664a99b6572d77bf59b0e26df96e5e5e68ec6ee71824d9d57a572a55f7dea8cf&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:24.872] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:24.872] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:24.872] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:24.872] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:24.872] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:24.873] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:25.000] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359804999, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255874743881, "etime": 1727255874743881, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43330, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:25.000] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:27.972] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24771 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=19fb736bfc143101d7239852169fdb27f88f67368b58165c04c07eac8e6fe3a5&X-Amz-Date=20251210T014327Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:43:27.973] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:27.973] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:27.973] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:27.973] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:27.973] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:27.974] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 09:43:28.098] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359808098, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726218782567053, "etime": 1726218782567053, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64657, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:28.098] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:31.075] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26026 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014330Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ae0e7e4cd3a23ce0d99c5a93bcfc54b51c0be7236551bc1b613117cb62c48f52&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:43:31.075] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:31.075] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:31.075] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:31.075] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:31.075] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare 
args for load [2025-12-10 09:43:31.076] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:31.208] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359811207, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228342545875, "etime": 1727228342545875, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49195, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:31.208] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:34.177] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26027 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=deeaa8d4f7065cebd2517acb907b8e0d23bd63a355a8ec68eda43713c875afac&X-Amz-Date=20251210T014333Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:34.177] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:34.177] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:34.177] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:34.177] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:34.177] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:34.178] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:34.308] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359814307, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228345150791, "etime": 1727228345150791, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49205, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:34.308] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:37.280] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26028 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl?X-Amz-Date=20251210T014336Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c1844b72d07db21e8243b724a16915994304db14dea830d3af525ba47ae47453&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:37.280] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:37.280] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 
09:43:37.280] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:37.280] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:37.280] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:37.281] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:37.410] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359817409, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228347491356, "etime": 1727228347491356, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49214, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:37.410] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:40.382] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26029 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl?X-Amz-Signature=29e62c125f72362d135e33e4f4d43bfd24e59289297c38bb1ef0f8eac5b5d48c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014339Z"} [2025-12-10 09:43:40.382] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process 
model: 0 [2025-12-10 09:43:40.382] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:40.383] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:40.383] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:40.383] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:40.384] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:40.518] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359820518, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228334044596, "etime": 1727228334044596, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49163, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:40.518] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:43.483] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24772 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl?X-Amz-Signature=d5b7da80380e91b0137b48812fc624b83ca4f05dc752e50393aadfa5fdea146c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014342Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 
09:43:43.483] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:43.483] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:43.483] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:43.483] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:43.483] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:43.484] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:43.585] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359823585, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627028192878, "etime": 1726627028192878, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54671, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:43.585] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:46.586] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26030 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=cf17616ac67fd752078b394ac3051f54f3e0a8fbbef5877905f2662c1be31f96&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014346Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:46.586] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:46.586] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:46.586] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:46.586] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:46.586] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:46.587] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:46.593] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359826592, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:46.593] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:49.687] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26031 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T014349Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c012047ec18e9078a34cfe86bcca7fb6e38c36ff3158222bdf3f5d9bce9e8a0d"} [2025-12-10 09:43:49.687] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:49.687] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:49.687] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:49.688] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:49.688] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:49.689] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:49.824] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359829823, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228273791286, "etime": 1727228273791286, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49162, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:49.824] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:52.790] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24773 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2d0a2de0bf6774e361aebcf5636e632b5491dd1be0b70d720efa7657a88ace92&X-Amz-Date=20251210T014352Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:52.790] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:52.790] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:52.790] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:52.790] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:52.790] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:52.791] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:52.917] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359832916, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228334371239, "etime": 1727228334371239, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49164, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:52.917] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:55.891] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24353 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014355Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=42b5faf1a3e26216c0d1333fe1a74aa9074ebd23ff6cb77872ac7f1612927e04"} [2025-12-10 09:43:55.891] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:55.891] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:55.892] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:55.892] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:55.892] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:55.893] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:56.022] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359836022, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228334667490, "etime": 1727228334667490, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49165, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:56.023] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:43:58.995] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24774 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014358Z&X-Amz-Expires=604800&X-Amz-Signature=684b94f6046105b5c69119d4bbc7dfd33875bffbb9530d0538bc22cbbb017d9b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:43:58.995] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:43:58.995] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:43:58.995] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:43:58.995] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:43:58.995] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:43:58.996] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:43:59.125] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359839125, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1727228334886361, "etime": 1727228334886361, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49166, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:43:59.125] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:02.096] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26032 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl?X-Amz-Date=20251210T014401Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e70ba74af052312f902452421e296151335e5bc0f9410667e3b5bddcab6fb31"} [2025-12-10 09:44:02.096] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:02.096] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:02.096] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:02.096] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:02.097] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:02.097] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:02.227] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359842227, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228335119982, "etime": 1727228335119982, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49167, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:02.227] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:05.199] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24354 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl?X-Amz-Date=20251210T014404Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c193ef07cb9b2d5feea6d1823ade32f573ed558f3bf820cde671fbbcc2b87548&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:44:05.199] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:05.199] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:05.199] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:05.199] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:05.199] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:05.200] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:05.330] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359845329, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228337897332, "etime": 1727228337897332, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49178, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:05.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:08.303] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24775 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl?X-Amz-Signature=3d6b124e97f4fcaede2258646bb7f84aedb650df99ef47f4c3fa092b8aa5cf37&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014407Z&X-Amz-Expires=604800"} [2025-12-10 09:44:08.303] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:08.303] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:08.303] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:08.303] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:08.303] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:08.304] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:08.441] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359848440, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228338146227, "etime": 1727228338146227, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49179, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:08.441] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:11.406] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24355 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl?X-Amz-Signature=d1e04e5e23a519412c1412b937642aff7e83d98a2bd5287dd8828182fc8d81ef&X-Amz-Date=20251210T014410Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:11.406] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:11.406] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:11.406] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:11.406] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load 
[2025-12-10 09:44:11.406] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:11.407] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:11.531] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359851531, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228338396306, "etime": 1727228338396306, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49180, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:11.532] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:14.508] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26033 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=285297620dbc3f1ca104f5141e147fc4de6990724325c811a3d062b8ff13a1c5&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014414Z"} [2025-12-10 09:44:14.508] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:14.508] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:14.509] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:14.509] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:14.509] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:14.510] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:14.640] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359854639, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228338677021, "etime": 1727228338677021, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49181, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:14.640] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:17.611] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24356 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl?X-Amz-Signature=800d21e941b1a3b0228394a50a5d0c58370eb1cb9049ca59d64e5f132de64748&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T014417Z"} [2025-12-10 09:44:17.611] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:17.611] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:17.611] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:17.611] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:17.611] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:17.612] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:17.736] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359857735, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228338926801, "etime": 1727228338926801, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49182, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:17.736] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:20.713] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24357 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ad2af81a91f2c58f0ef3e90560f61678d90572e285c4336f7e51d6420bf0781b&X-Amz-Date=20251210T014420Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 
09:44:20.713] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:20.713] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:20.714] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:20.714] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:20.714] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:20.715] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:20.846] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359860846, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228339207953, "etime": 1727228339207953, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49183, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:20.846] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:23.815] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26034 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014423Z&X-Amz-Signature=647ce6d0ec41bdf5b37b30748c26e868a489d5d6cef7d6b17f032e5438a1b572&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:44:23.815] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:23.815] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:23.815] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:23.815] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:23.815] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:23.816] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:23.949] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359863948, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228339535628, "etime": 1727228339535628, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49184, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:23.949] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:26.917] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26035 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014426Z&X-Amz-Signature=a5dbb3e72b0da5ff7b33aa74d8a87bc9ac94c2940160d9ea8bfe1430a19bf212&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:26.917] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:26.917] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:26.917] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:26.917] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:26.917] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:26.918] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:27.043] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359867042, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228339831525, "etime": 1727228339831525, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49185, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:27.043] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:30.019] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24776 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b767575f0743367a702d94f493c3ab33d2e3d0ba7ad179934c42dc9374a7389e&X-Amz-Date=20251210T014429Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:44:30.019] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:30.019] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:30.020] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:30.020] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:30.020] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:30.021] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:30.145] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359870145, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228340424653, "etime": 1727228340424653, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49187, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:30.145] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:33.123] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24777 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c707434476012d3d622c17083ff8bbcb7b6c5f2af5caa9ad12d1bed0c361fa41&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014432Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:33.123] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:33.123] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:33.124] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:33.124] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:33.124] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:33.125] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:33.253] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359873253, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1727228340673637, "etime": 1727228340673637, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49188, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:33.253] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:36.226] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24778 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl?X-Amz-Signature=713ea0893f16b042ec28ace8b12a01caf43f0a7a93948de32d4773585edae0e7&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014435Z"} [2025-12-10 09:44:36.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:36.226] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:36.227] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:36.227] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:36.227] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:36.228] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:36.353] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359876352, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228340938701, "etime": 1727228340938701, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49189, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:36.353] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:39.329] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24779 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl?X-Amz-Signature=278ffd76d9a8620658bb04908bddf5875a38b82989537ccc640d38818dca3fdc&X-Amz-Date=20251210T014438Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:39.329] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:39.329] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:39.329] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:39.329] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:39.329] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:39.330] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:39.466] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359879466, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228341250575, "etime": 1727228341250575, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49190, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:39.466] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:42.431] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24358 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl?X-Amz-Signature=49e8ff28c401d147a894416465ad66d1bab82823b6b5eed6d28d8041fec09f09&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014441Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:44:42.431] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:42.431] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:42.431] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:42.431] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:42.431] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:42.432] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:42.563] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359882562, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228341531774, "etime": 1727228341531774, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49191, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:42.563] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:45.532] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24780 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=caf17989ff79137d501d9193ad32c036b903062a7a4d8dbafd4a88b3a32895b5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014445Z"} [2025-12-10 09:44:45.532] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:45.532] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:45.532] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:45.532] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:45.532] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:45.533] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:45.539] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359885538, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:44:45.539] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:48.634] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24359 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=581da2a6c4018354850c008dd55b1f8f3ac8562f6890f3ee23357fc6e252ea1f&X-Amz-Date=20251210T014448Z"} [2025-12-10 09:44:48.634] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:48.634] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:48.634] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:48.634] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:48.634] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
09:44:48.635] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:48.764] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359888763, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228341797077, "etime": 1727228341797077, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49192, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:48.764] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:51.738] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24781 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl?X-Amz-Signature=ed6039247343cbb4c73862191e2b34ca72768f6c7ddaa43b552b435c45a59097&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014451Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:44:51.738] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:51.738] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:51.738] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:51.738] [INFO] [tid:127829042783936] (AiModule.cpp:20) get 
func load [2025-12-10 09:44:51.738] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:51.739] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:51.861] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359891860, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228342030775, "etime": 1727228342030775, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49193, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:51.861] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:54.841] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24360 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=5b4fe43f4c5f0bcfadfe1248ca988afe92d0f125abd76896e8ac59fbcc7d9a62&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014454Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:44:54.841] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:54.841] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:54.841] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:54.841] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:54.841] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:54.842] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:54.973] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359894973, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228342266820, "etime": 1727228342266820, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49194, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:54.973] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:44:57.942] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24361 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl?X-Amz-Date=20251210T014457Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=21ddc139df278b4aab66a3f846be736b1f1dd01382a93b73ee0293f40bbd838d"} [2025-12-10 09:44:57.943] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:44:57.943] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:44:57.943] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:44:57.943] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:44:57.943] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:44:57.944] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:44:58.059] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359898059, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228343139302, "etime": 1727228343139302, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49197, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:44:58.059] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:01.045] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26036 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014500Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5ecd4301b8f2170c57a41689255b7d6ce5ad40c08bf1dfa3acf1c01da843dd91&X-Amz-SignedHeaders=host"} [2025-12-10 
09:45:01.045] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:01.045] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:01.045] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:01.045] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:01.045] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:01.046] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:01.178] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359901177, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228343387909, "etime": 1727228343387909, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49198, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:01.178] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:04.148] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26037 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014503Z&X-Amz-Signature=bb147f2acda94bd7f9b6083d0e930376605e030c982e21e28276f9d795afb2e9"} [2025-12-10 09:45:04.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:04.149] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:04.149] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:04.149] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:04.149] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:04.150] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:04.293] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359904292, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228343622427, "etime": 1727228343622427, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49199, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:04.293] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:07.249] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24782 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl?X-Amz-Date=20251210T014506Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0c2f13a5984a046fb1e8ac7a90bf241cf5aad301de9de189b0e2b2cc8c000a57&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:45:07.249] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:07.250] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:07.250] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:07.250] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:07.250] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:07.251] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:07.381] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359907380, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228343856020, "etime": 1727228343856020, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49200, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:07.381] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:10.352] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26038 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=73e144731989c151edf76583012fff9329cd1f1622b401c6516709783ecee65e&X-Amz-Date=20251210T014509Z"} [2025-12-10 09:45:10.352] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:10.352] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:10.353] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:10.353] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:10.353] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:10.354] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:10.491] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359910490, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228344074466, "etime": 1727228344074466, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49201, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:10.491] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:13.454] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26039 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bae48f35de135d93fbc205fcea244f48ef3708f89f9e3ad8af130c80bfbdf9a9&X-Amz-Expires=604800&X-Amz-Date=20251210T014512Z"} [2025-12-10 09:45:13.454] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:13.454] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:13.454] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:13.455] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:13.455] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:13.455] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:13.570] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359913570, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1727228344340363, "etime": 1727228344340363, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49202, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:13.570] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:16.557] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24783 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014516Z&X-Amz-Signature=fe7d7374d091b2f567cdcdc08e1b14e6e7cf92ba3140d2683060da14fb929557&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:45:16.557] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:16.557] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:16.557] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:16.557] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:16.557] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:16.558] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:16.683] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359916682, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228344621070, "etime": 1727228344621070, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49203, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:16.683] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:19.660] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26040 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=0fb72c5922a196b2339f023858632c5c806332ab26e8d2b2c0e52b35565afa49&X-Amz-Date=20251210T014519Z"} [2025-12-10 09:45:19.660] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:19.660] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:19.660] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:19.661] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:19.661] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:19.662] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:19.791] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359919790, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228344854861, "etime": 1727228344854861, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49204, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:19.791] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:22.762] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24362 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=ccbefc6adabf628262f4a5d9ecc2782797e7f13411adfd4a74489b088c9226a5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014522Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:45:22.762] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:22.762] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:22.762] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:22.762] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:22.762] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:22.763] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:22.895] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359922894, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228345691604, "etime": 1727228345691604, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49207, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:22.895] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:25.866] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24784 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl?X-Amz-Signature=51ee0b4eca44dbdc353629f2a96e6e4cb0660d5f814395e3ff4fee902ab18a7c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014525Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:45:25.866] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:25.866] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:25.866] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:25.866] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load 
[2025-12-10 09:45:25.866] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:25.867] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:25.996] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359925995, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228345930668, "etime": 1727228345930668, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49208, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:25.996] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:28.968] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24785 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014528Z&X-Amz-Expires=604800&X-Amz-Signature=1bd8b2b63d81b8d5d9ec00810c2275d93a8f0cf0f1730aa7e35cd974fa5e5aba"} [2025-12-10 09:45:28.968] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:28.968] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:28.968] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:28.968] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:28.968] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:28.969] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:29.085] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359929084, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228346211338, "etime": 1727228346211338, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49209, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:29.085] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:32.070] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24786 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=5ecc6d8801c9da2cd80721f787b6e07b09d16e3dba6401a575a4bef030fd83ab&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014531Z&X-Amz-Expires=604800"} [2025-12-10 09:45:32.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:32.070] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:32.070] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:32.070] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:32.070] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:32.071] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:32.201] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359932200, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228346429981, "etime": 1727228346429981, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49210, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:32.201] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:35.173] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24363 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014534Z&X-Amz-Signature=7f6bf7553169d9339dd5dc31168ee41aee2a23dfa20bfe28c287edd24c57d1b7&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 
09:45:35.173] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:35.173] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:35.173] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:35.173] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:35.173] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:35.174] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:35.304] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359935303, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228346695402, "etime": 1727228346695402, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49211, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:35.304] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:38.275] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24787 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl?X-Amz-Signature=ff2a6342df6f71cf2af1ac4982c3780b37ea3f316ee8beeb6e6dc5bd03738cea&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014537Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:45:38.276] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:38.276] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:38.276] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:38.276] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:38.276] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:38.277] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:38.409] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359938409, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228346945087, "etime": 1727228346945087, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49212, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:38.409] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:41.377] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24364 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014540Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=9f464af6be20379fd3009dd1dfdc991442b921ec3e54fe206564e33fd7ed000b&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:45:41.378] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:41.378] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:41.378] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:41.378] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:41.378] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:41.379] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:41.509] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359941508, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228347242283, "etime": 1727228347242283, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49213, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:41.509] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:44.479] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24365 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014544Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7d91f5b9ecee1fde3b8cf86920acd43edcf00ee5148b7d11e4102a2c3abfd46f"} [2025-12-10 09:45:44.480] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:44.480] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:44.480] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:44.480] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:44.480] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:44.481] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:44.619] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359944618, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228345419563, "etime": 1727228345419563, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49206, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:44.619] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:47.582] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24788 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl?X-Amz-Signature=2f2c3e72c73ce569f7a4ed29df37fc45003837292655300bd99cced751a56212&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014547Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:45:47.582] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:47.582] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:47.582] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:47.582] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:47.582] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:47.583] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:47.714] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359947713, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1727228342897145, "etime": 1727228342897145, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49196, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:47.714] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:50.683] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26041 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=030329bf12855cff34219bb9f99dc81c7cc7ced3c03d44db35c75b109fdaf8a8&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014550Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:45:50.683] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:50.683] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:50.683] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:50.683] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:50.683] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:50.684] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:50.693] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, 
"timestamp": 1765359950692, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:45:50.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:53.785] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24366 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e50688c380ad1cf4c320b9038d503dd527c2d95fccaea36323324eda2545c078&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014553Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:45:53.785] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:53.785] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:53.785] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:53.785] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:53.785] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:53.786] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:53.920] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359953919, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627010583731, "etime": 
1726627010583731, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54663, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:53.920] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:56.886] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26042 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014556Z&X-Amz-Signature=112419cd58bb281397064de78fbd85e55c4b317cb164fcc586f48b6eb5b68b6a"} [2025-12-10 09:45:56.886] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:56.886] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:56.886] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:56.886] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:56.886] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:56.887] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:45:56.997] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359956997, "module": "anquanchu", "proto": "tls", "alerted": false, 
"details": [{"stime": 1726218780480434, "etime": 1726218780480434, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64656, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:45:56.997] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:45:59.987] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24367 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=782e8aeca38c9f3b7a7e2f8266ba63e2892bc53b1e7ad6682c71aa7cfad61455&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014559Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:45:59.987] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:45:59.987] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:45:59.987] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:45:59.987] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:45:59.987] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:45:59.988] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:00.113] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359960112, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627025160089, "etime": 1726627025160089, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54669, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:00.113] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:03.089] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24789 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=90536c733933521e70cc6896ba9e4c153bc6f8d7b42901957b70d369d2fd8f1b&X-Amz-Date=20251210T014602Z"} [2025-12-10 09:46:03.089] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:03.089] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:03.089] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:03.089] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:03.089] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:03.090] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:03.211] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 
0, "timestamp": 1765359963211, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627033156759, "etime": 1726627033156759, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54673, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:03.211] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:06.190] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26043 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl?X-Amz-Signature=77b7a39badc3b598faa9edae02337a35e0f61442a36a0dcaccf9f4d6b6ba6a0f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014605Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:46:06.191] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:06.191] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:06.191] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:06.191] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:06.191] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:06.192] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:06.323] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359966323, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627032104758, "etime": 1726627032104758, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54672, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:06.323] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:09.293] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26044 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=ed42bbbcbb17ff4ea8882a0db9f40ad0724174b24baadc5ca67c565062f2122a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014608Z"} [2025-12-10 09:46:09.294] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:09.294] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:09.294] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:09.294] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:09.294] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:09.295] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:09.424] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359969423, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627022748067, "etime": 1726627022748067, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54666, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:09.424] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:12.395] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24368 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014611Z&X-Amz-Signature=e7b0cf61cde2acb2dc366d26aa99507c52bc5b97c392134e0718ccbb2aea9803"} [2025-12-10 09:46:12.395] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:12.395] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:12.396] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:12.396] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:12.396] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:12.396] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:12.527] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359972526, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726218779846254, "etime": 1726218779846254, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64655, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:12.527] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:15.498] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26045 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl?X-Amz-Signature=6b742612fc82d3461e0a9c9e3ad4ae34a9d7a4a4f3646834288edd67efce714b&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014615Z"} [2025-12-10 09:46:15.498] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:15.498] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:15.498] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:15.498] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:15.498] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:15.499] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:46:15.621] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359975620, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627037425106, "etime": 1726627037425106, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54676, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:15.621] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:18.600] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24369 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=92080f41245f652acab97bab59727e3b427fb4b0ebfb688afb1d3a1a60345a12&X-Amz-Expires=604800&X-Amz-Date=20251210T014618Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:18.600] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:18.600] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:18.600] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:18.600] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:18.600] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
09:46:18.601] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:18.741] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359978740, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627034421922, "etime": 1726627034421922, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54674, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:18.741] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:21.701] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26046 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=2830fc966206addb06cae833d525d0293ede1a8abf20a5edd6c0dcfc376c0e01&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014621Z"} [2025-12-10 09:46:21.701] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:21.701] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:21.701] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:21.701] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:21.701] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 09:46:21.702] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:21.835] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359981834, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627024476981, "etime": 1726627024476981, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54668, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:21.835] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:24.803] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26047 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl?X-Amz-Signature=c8281fac52621917c0bb062f8cbac20394678aa7e3f8f37aee8f5bb69159b0db&X-Amz-Date=20251210T014624Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:46:24.803] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:24.803] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:24.803] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:24.803] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:24.803] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:24.804] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:24.813] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359984812, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:24.813] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:27.905] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26048 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014627Z&X-Amz-SignedHeaders=host&X-Amz-Signature=3f2949ef1e71b5208fbb826b6aba4bdac5053e9d81802f9d105ad57c1cb13214&X-Amz-Expires=604800"} [2025-12-10 09:46:27.905] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:27.905] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:27.905] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:27.905] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:27.905] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 09:46:27.906] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:28.037] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359988036, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627038215753, "etime": 1726627038215753, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54677, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:28.037] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:31.007] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24790 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=28525412c9ca20b8d5198bcba1e12a67a49311e41b52dbc5675334147950d162&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014630Z&X-Amz-Expires=604800"} [2025-12-10 09:46:31.007] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:31.007] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:31.007] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:31.007] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
09:46:31.007] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:31.008] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:31.141] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359991140, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726218768517406, "etime": 1726218768517406, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64654, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:31.141] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:34.109] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24370 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl?X-Amz-Date=20251210T014633Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=702231c394f1966c8dc55207316bff0cd37f07eefc380c159bdfc07b9509ff89&X-Amz-Expires=604800"} [2025-12-10 09:46:34.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:34.109] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:34.109] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:34.109] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:34.109] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:34.110] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:34.118] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765359994117, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:34.118] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:37.211] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24371 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6b96c7c6760d72ffb8170e58e76e2fc1499bbcd0cc2a3c236bf7eda617a6c5c6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014636Z"} [2025-12-10 09:46:37.211] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:37.211] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:37.211] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:37.211] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:37.211] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:37.212] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:37.348] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765359997348, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726284531877010, "etime": 1726284531877010, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11580, "dest_port": 4433, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:37.348] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:40.312] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26049 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014639Z&X-Amz-Signature=88334be7cbcca81dd2a66ff6f4931f47afdd1ba55feb63e944147a3faf4bcc8e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:40.312] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:40.312] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:40.313] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:40.313] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:40.313] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:40.314] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:40.322] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360000321, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:40.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:43.414] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26050 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=f7a2cba277781fdd807eeaf72e7e0a795ea2be7794d297700850a337f102b366&X-Amz-Date=20251210T014642Z"} [2025-12-10 09:46:43.414] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:43.414] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:43.414] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:43.414] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:43.414] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:43.415] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:43.423] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360003423, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:43.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:46.516] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24372 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl?X-Amz-Signature=ecf67117bf422c570323bee5e0df7acf89ed27093298bcf28520f518e1a75967&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014646Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:46.516] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:46.516] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:46.517] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:46.517] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:46.517] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
09:46:46.517] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:46.526] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360006525, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:46.526] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:49.618] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24373 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014649Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f3014bceb58886b7686d7670f3d08769c128ff594fe1f5597a75c6973739fd79"} [2025-12-10 09:46:49.618] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:49.618] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:49.618] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:49.618] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:49.618] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:49.619] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 09:46:49.628] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360009627, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:49.628] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:52.719] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26051 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl?X-Amz-Signature=8ca4795c4001e082799b8f32cf3ef91e0768ed70cc7c2710e44434c62c7d39d8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014652Z"} [2025-12-10 09:46:52.720] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:52.720] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:52.720] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:52.720] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:52.720] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:52.721] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:52.851] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360012850, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627004926327, "etime": 1726627004926327, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54661, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:52.851] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:55.822] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24791 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=50739884f33ef8a33823ec740e731f973ca044cd30717bb67aa835e8f27221fb&X-Amz-Date=20251210T014655Z"} [2025-12-10 09:46:55.822] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:55.822] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:55.822] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:55.822] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:55.822] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:55.823] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:46:55.953] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360015953, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627010524930, "etime": 1726627010524930, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54662, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:55.953] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:46:58.924] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26052 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b35a060ae764f6caae9b7a09e6346461ef1e915ac94f3adbc4d5bab69b5282bb&X-Amz-Date=20251210T014658Z"} [2025-12-10 09:46:58.924] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:46:58.924] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:46:58.924] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:46:58.924] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:46:58.924] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:46:58.925] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 09:46:59.048] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360019047, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627022638602, "etime": 1726627022638602, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54665, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:46:59.048] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:02.026] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26053 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a0952b69161315ca0bec3742a08581b16af8abf781e0154790016ad798b47dcf&X-Amz-Date=20251210T014701Z&X-Amz-Expires=604800"} [2025-12-10 09:47:02.026] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:02.026] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:02.026] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:02.026] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:02.026] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:02.027] 
[INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:02.035] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360022034, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:02.035] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:05.127] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26054 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl?X-Amz-Date=20251210T014704Z&X-Amz-Expires=604800&X-Amz-Signature=a1cb634fc93b80065f0c54d2ccc24401fa829db4d54055fd221f1a89cbde74c0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:05.127] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:05.127] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:05.127] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:05.127] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:05.127] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:05.128] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:05.137] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360025136, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:05.137] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:08.229] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24792 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2117112e6d5584e5fc5b13143adbbe2b60a80ae58d42df95d5a6d5ef126f7644&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014707Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:08.229] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:08.229] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:08.230] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:08.230] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:08.230] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:08.231] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:08.239] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360028239, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:08.240] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:11.332] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26055 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl?X-Amz-Expires=604800&X-Amz-Signature=ed24e529ad6355216f2b65f58329281858440138db1b1212ffc31881a72aa89a&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014710Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:47:11.332] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:11.332] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:11.332] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:11.332] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:11.332] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:11.333] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:11.342] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765360031341, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:11.342] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:14.433] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24793 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f537f81925a7b2b45de996a072feebacb7ea00001b7646260d28fbb51251c4dd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014713Z"} [2025-12-10 09:47:14.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:14.434] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:14.563] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360034563, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726715829725293, "etime": 1726715829725293, "src_ip": "192.168.0.3", "dest_ip": "192.168.0.202", "src_port": 50834, "dest_port": 20012, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:14.563] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:17.536] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24794 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a19d5c07afe8327a1f263e102d3cfe663726291e468ac184adea00b6f3c15929&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014717Z"} [2025-12-10 09:47:17.536] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:17.537] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:17.665] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360037664, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127486444771, "etime": 1726127486444771, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52976, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:17.665] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:20.639] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24795 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014720Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=98e43d2a38780a7ecb877bbd362b1863121edd25b6761a08e7aef763bd36a6ae"} [2025-12-10 09:47:20.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:20.639] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:20.639] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:20.639] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:20.639] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:20.640] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 09:47:20.769] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360040768, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127476396815, "etime": 1726127476396815, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52812, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:20.769] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:23.742] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24796 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl?X-Amz-Signature=c5aa4ffdd37e2d32ad3d322576104a0330f144426f6d54a0f011dfc52dae3d77&X-Amz-Expires=604800&X-Amz-Date=20251210T014723Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:47:23.742] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:23.742] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:23.742] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:23.742] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:23.742] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:23.743] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:47:23.873] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360043873, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127477489392, "etime": 1726127477489392, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52813, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:23.873] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:26.845] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26056 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl?X-Amz-Date=20251210T014726Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=a16d398d8dfb35962afe74a0f503018110134de8264b19f0610138473d97cec1&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:47:26.845] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:26.845] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:26.845] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:26.845] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:26.845] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for 
load [2025-12-10 09:47:26.846] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:26.977] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360046977, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130582597989, "etime": 1726130582597989, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 48270, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:26.977] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:29.947] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26057 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014729Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=fa3aeb8e06617a82a7952e994ae0710738d33833fdfa4f125ced29d65a529cf5"} [2025-12-10 09:47:29.947] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:29.947] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:29.948] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:29.948] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:29.948] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:29.949] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:30.085] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360050084, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127478281937, "etime": 1726127478281937, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52966, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:30.085] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:33.050] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24797 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=ebd01c0e562d2627422927a34e7416f8e7b9d476394d58a84e5ed2b7eef0b71c&X-Amz-Expires=604800&X-Amz-Date=20251210T014732Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:47:33.050] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:33.050] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:33.050] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:33.050] [INFO] [tid:127829042783936] (AiModule.cpp:20) get 
func load [2025-12-10 09:47:33.051] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:33.051] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:33.171] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360053170, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625102095546, "etime": 1726625102095546, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53648, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 09:47:33.171] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:47:33.171] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:33.171] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:47:36.153] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24798 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014735Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0744d3d7c8c2bd0473f6e2729b9500b40bdbcfe712ad9e1a0dd71f0fa44644c1"} [2025-12-10 09:47:36.153] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:36.153] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:36.153] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:36.153] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:36.153] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:36.153] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:36.281] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360056281, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127466616469, "etime": 1726127466616469, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52645, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:36.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) 
cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:39.255] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24374 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014738Z&X-Amz-Signature=9195d271044aa301875bb550caaa6c6ade0063832a75d6295065abcbdfa1500e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:47:39.255] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:39.255] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:39.256] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:39.256] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:39.256] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:39.257] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:39.384] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360059384, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127473160506, "etime": 1726127473160506, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52798, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:39.385] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:42.357] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24375 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014741Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2bcbd0caa133121ecd24e1a4fde04d46c3bb1c2b54b51f901091f75c4858f156"} [2025-12-10 09:47:42.357] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:42.357] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:42.357] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:42.357] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:42.357] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:42.358] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:42.479] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360062478, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127492304463, "etime": 1726127492304463, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 53137, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} 
[2025-12-10 09:47:42.479] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:45.460] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24799 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl?X-Amz-Date=20251210T014744Z&X-Amz-Signature=bd1714f8b8b531bab5e9decd40ac06007ab7346a516e22d2a388b4f6d72b56be&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:45.460] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:45.460] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:45.460] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:45.460] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:45.461] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:45.461] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:45.588] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360065588, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726219077337769, "etime": 1726219077337769, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64742, 
"dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:45.588] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:48.562] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26058 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=8c8db154676450a59228296f11fa20bf9bbeb777041763b3eecfd61d9830ca9a&X-Amz-Date=20251210T014748Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:47:48.563] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:48.563] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:48.563] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:48.563] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:48.563] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:48.564] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:48.693] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360068693, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627278280295, "etime": 1726627278280295, "src_ip": "192.168.112.1", 
"dest_ip": "192.168.112.135", "src_port": 54855, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:47:48.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:47:51.665] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24800 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl?X-Amz-Date=20251210T014751Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2b63480847fc2ee701c36c28a617d4ff521ac412e2d505ded9312dc435ee78fc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:47:51.665] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:51.665] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:51.665] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:51.665] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:51.665] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:51.666] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:51.791] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360071791, "module": "anquanchu", "proto": "tls", "alerted": 
true, "details": [{"stime": 1726816620073716, "etime": 1726816620073716, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51868, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:47:51.791] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:47:51.791] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:51.791] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:47:54.767] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26059 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl?X-Amz-Date=20251210T014754Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8584f92684bff968058fb2b2cff0d55d2b5609288eaaf6a293c69e4f66008bd6&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:54.767] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:54.767] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:54.767] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:54.767] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:54.767] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:54.768] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:54.892] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360074891, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795503111499, "etime": 1726795503111499, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51112, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:47:54.892] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:47:54.892] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:54.892] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:47:57.869] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24376 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl?X-Amz-Signature=f9f14b0177d77645f1659143de317e3decf2048a95ce2e3645dde88f45831da8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014757Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:57.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:47:57.869] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:47:57.869] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:47:57.870] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:47:57.870] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:47:57.870] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:47:57.988] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360077987, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813717803763, "etime": 1726813717803763, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51768, "dest_port": 446, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:47:57.988] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:47:57.988] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:57.988] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:48:00.971] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24377 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e7c53d98f3082b0239de4b55062ad7e28d73da742cd64cb71c85a208f5826a3b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014800Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:48:00.971] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:00.971] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:00.971] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:00.971] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:00.971] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:00.972] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:01.097] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360081096, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799587285373, "etime": 1726799587285373, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51222, "dest_port": 446, "protocol": "tls", "result": 
"Antsword"}]} [2025-12-10 09:48:01.097] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:48:01.097] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:01.097] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:48:04.074] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24378 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl?X-Amz-Signature=94995bbfc24fbece89ef6b1449ba612b1051aca8553a59a0cbc9d29258c42a2d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T014803Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:04.074] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:04.074] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:04.074] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:04.074] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:04.074] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:04.075] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:04.202] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360084201, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627285371137, "etime": 1726627285371137, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54858, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:04.202] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:07.176] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24801 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7fae8efe2688198e6f46932a7e17519ed3c5bcd9aeaf0b0b6c6d2ec00d7ded71&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014806Z&X-Amz-Expires=604800"} [2025-12-10 09:48:07.176] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:07.176] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:07.176] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:07.176] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:07.176] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:07.177] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:07.306] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl|result:{"code": 1, "total_count": 1, 
"abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360087306, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796707365874, "etime": 1726796707365874, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51156, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:48:07.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:48:07.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:07.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:48:10.279] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24802 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=1db5ed15dcc5c303e1c5a8d55cdad74dd86fd1a9c4127b9fd6db5d13590cb006&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014809Z"} [2025-12-10 09:48:10.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:10.279] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:10.279] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:10.279] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:10.279] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:10.280] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 09:48:10.410] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360090410, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817777020698, "etime": 1726817777020698, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51911, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:48:10.410] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:48:10.411] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:10.411] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:48:13.383] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26060 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl?X-Amz-Date=20251210T014812Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bb9ea729f15b6c3bcff149c2ae6eac1f89d58ac856dabce14c444324d905f50c"} [2025-12-10 09:48:13.383] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:13.383] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:13.384] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 09:48:13.384] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:13.384] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:13.385] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:13.517] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360093517, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814967196763, "etime": 1726814967196763, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51814, "dest_port": 446, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:48:13.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:48:13.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:13.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:48:16.487] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26061 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014816Z&X-Amz-Expires=604800&X-Amz-Signature=b8af38c39708bcc48378e962c5a68b7678484c7128ea05634e45fd6e366d3590&X-Amz-SignedHeaders=host"} [2025-12-10 09:48:16.487] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:16.487] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:16.488] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:16.488] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:16.488] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:16.488] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:16.620] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360096619, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800903601288, "etime": 1726800903601288, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51274, "dest_port": 446, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 
09:48:16.620] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:48:16.620] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:16.620] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:48:19.589] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26062 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl?X-Amz-Signature=459da2df65d7a7d8d7561a088514cd3f8b2c0236917904670c9fae68bb96aceb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014819Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:19.589] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:19.589] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:19.589] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:19.589] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:19.589] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:19.590] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:19.656] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360099655, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1726196742410208, "etime": 1726196742410208, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 58083, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:19.656] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:22.691] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24803 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl?X-Amz-Date=20251210T014822Z&X-Amz-SignedHeaders=host&X-Amz-Signature=fe80929787f6ded494c36b6609e9ee0fc1fb5a32dbe87e0fa704a8c861a4e23f&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:48:22.691] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:22.691] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:22.691] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:22.691] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:22.691] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:22.692] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:22.824] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, 
"alert_count": 0, "timestamp": 1765360102823, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159624196346, "etime": 1727159624196346, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50445, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:22.824] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:25.795] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24379 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl?X-Amz-Date=20251210T014825Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=59ed6b78a27ab29cba75e38116cbe2eb47df4c1634a12cfda07cca84ddb6b196&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:25.795] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:25.795] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:25.795] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:25.795] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:25.795] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:25.797] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:25.918] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl|result:{"code": 0, 
"total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360105918, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726219075076593, "etime": 1726219075076593, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64741, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:25.918] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:28.897] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24804 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014828Z&X-Amz-Signature=ab818fe8da7dbb87ccfa3d814feada931e10c6069d276dcce42224e9102fd5db&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:48:28.897] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:28.897] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:28.897] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:28.897] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:28.897] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:28.897] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:29.024] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360109024, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726219078612992, "etime": 1726219078612992, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64743, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:29.024] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:31.999] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26063 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5125ce1805ee24baf76b6eb2bf056dec53f5d009c3603d8102cdd5d678f4d1e8&X-Amz-Date=20251210T014831Z"} [2025-12-10 09:48:31.999] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:31.999] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:31.999] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:31.999] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:31.999] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:32.000] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:32.124] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360112123, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726219080314630, "etime": 1726219080314630, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64745, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:32.124] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:35.100] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24380 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014834Z&X-Amz-SignedHeaders=host&X-Amz-Signature=3260b3e5edf14bb74e9184c1829ee2a6f9b70969986c02c878ee9f5eef12c0f2&X-Amz-Expires=604800"} [2025-12-10 09:48:35.100] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:35.100] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:35.100] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:35.100] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:35.100] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:35.101] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:48:35.230] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360115229, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208596079519, "etime": 1726208596079519, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42213, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:35.230] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:38.202] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24805 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1d474574ff37f4fe73301057411f6475d5420834ce496f6bccbad277e6c7c519&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014837Z&X-Amz-Expires=604800"} [2025-12-10 09:48:38.202] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:38.202] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:38.202] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:38.202] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:38.202] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 09:48:38.203] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:38.284] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360118284, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726219071364625, "etime": 1726219071364625, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64739, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:38.284] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:41.303] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24806 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2286122cd426f6919cbd03b78acf54590c1a4a73b3ab6c8ada912dbd45b3e9bd&X-Amz-Date=20251210T014840Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:41.303] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:41.303] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:41.303] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:41.303] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:41.303] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:41.304] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:41.380] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360121380, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208554302753, "etime": 1726208554302753, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42204, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:41.380] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:44.406] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26064 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=7abfa44d66a237f3783840f38bf9a5d84f112fc24203875c3a2b701d61539c6a&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014843Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:48:44.406] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:44.406] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:44.406] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:44.406] [INFO] [tid:127829042783936] (AiModule.cpp:20) 
get func load [2025-12-10 09:48:44.406] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:44.406] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:44.471] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360124471, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627273686627, "etime": 1726627273686627, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54850, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:44.471] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:47.507] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24381 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=f64b91f4cfabc824848a734381090125cbc32b8eff368129d7ba9494bda11605&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014847Z"} [2025-12-10 09:48:47.507] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:47.507] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:47.507] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
09:48:47.507] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:47.507] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:47.508] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:47.573] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360127573, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208633991204, "etime": 1726208633991204, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42226, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:47.574] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:50.609] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24807 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014850Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4b16aec9f75a4a7093ca7b6969309173f7ed22e7950ee3286539ae9934ed848c&X-Amz-SignedHeaders=host"} [2025-12-10 09:48:50.609] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:50.609] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:50.609] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:50.609] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:50.609] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:50.609] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:50.674] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360130674, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207543892355, "etime": 1726207543892355, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42016, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:50.674] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:53.711] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26065 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl?X-Amz-Signature=33e5b87bc72f8af3446953972dd8dd2a1a94894f7747b3cda025c218289ea467&X-Amz-Date=20251210T014853Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:48:53.711] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib 
[2025-12-10 09:48:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:53.777] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360133776, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208605926067, "etime": 1726208605926067, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42214, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:53.777] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:56.812] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24808 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl?X-Amz-Date=20251210T014856Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0f3e7cc0d079c83fcfca6e23dbd0171f264ed83a41de18de32ae7a0474939750&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:56.812] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:48:56.812] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:56.812] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:56.812] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:56.812] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:56.812] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:56.885] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360136884, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208620379359, "etime": 1726208620379359, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42219, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:56.885] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:48:59.915] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24809 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl?X-Amz-Date=20251210T014859Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=b1e448f0ea9e33ac5359606114555d962c08e6fe16b94c7f65673915d38d3e38"} [2025-12-10 09:48:59.915] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) 
process model: 0 [2025-12-10 09:48:59.915] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:48:59.915] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:48:59.915] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:48:59.915] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:48:59.915] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:48:59.981] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360139980, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627280815216, "etime": 1726627280815216, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54856, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:48:59.981] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:03.017] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24382 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=47d135bb1df30f4b31673879588eee222e2d7003e8e04961c1ea57bcffd50815&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014902Z"} [2025-12-10 09:49:03.017] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:03.017] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:03.017] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:03.017] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:03.017] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:03.018] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:03.083] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360143082, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726219074509616, "etime": 1726219074509616, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64740, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:03.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:06.118] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26066 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014905Z&X-Amz-Signature=7bd33d9c8a23838f43d0cbff27594ce342c9ed3cea3a6d6d11f80f565da880a9"} [2025-12-10 09:49:06.118] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:06.118] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:06.118] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:06.118] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:06.118] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:06.119] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:06.207] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360146206, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207404658134, "etime": 1726207404658134, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41983, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:06.207] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:09.219] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[0] at offset 24810 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014908Z&X-Amz-Signature=34faa2cf754ea2f0e521d66b1711dd367ae868a0cd06346f0854a3fc44118bd9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:49:09.219] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:09.219] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:09.219] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:09.219] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:09.219] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:09.220] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:09.289] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360149289, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208573986042, "etime": 1726208573986042, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42209, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:09.289] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:12.323] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24811 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014911Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=bebae350ef908efc6799e8fd892d16877a632dc876fcccc060e1cc159acc9e11&X-Amz-Expires=604800"} [2025-12-10 09:49:12.323] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:12.323] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:12.323] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:12.323] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:12.323] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:12.324] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:12.405] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360152404, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627275251157, "etime": 1726627275251157, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54851, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:12.405] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 
0|max_alert: 1000 [2025-12-10 09:49:15.424] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24812 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=33116c0d0ba99cbd926d2977084635afb27579c50d161311c3bb7929a306a2fb&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014914Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:49:15.425] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:15.425] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:15.425] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:15.425] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:15.425] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:15.425] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:15.527] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360155526, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817685669791, "etime": 1726817685669791, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51907, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:15.527] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:15.527] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:15.527] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:18.526] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26067 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014918Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=fe78fda3c9e7948947cfce23c4b6da5c419e853e924296b802fdeee848bddcaf"} [2025-12-10 09:49:18.527] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:18.527] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:18.527] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:18.527] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:18.527] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:18.528] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:18.653] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360158653, "module": "anquanchu", 
"proto": "tls", "alerted": true, "details": [{"stime": 1726817761587139, "etime": 1726817761587139, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51910, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:18.653] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:18.653] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:18.654] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:21.629] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26068 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014921Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=d655809370c3b9902d9aad5694c910a1ec113e28f768fb744b94d5ba2d0315fe"} [2025-12-10 09:49:21.629] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:21.629] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:21.629] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:21.629] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:21.629] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:21.630] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:21.756] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360161756, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817837490769, "etime": 1726817837490769, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51913, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:21.756] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:21.756] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:21.756] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:24.731] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26069 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl?X-Amz-Signature=5da7722f60f40c0d4f05e5f1a32eb22d5bcb5c77f21c968749074d8450424fc3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014924Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:49:24.731] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:24.731] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:24.731] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:24.731] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 09:49:24.731] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:24.732] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:24.799] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360164798, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796616036795, "etime": 1726796616036795, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51152, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:24.799] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:24.799] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:24.799] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:49:27.833] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24383 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=110852489ac54919f7594fa8828162df63a7b71c3b4c11577215e32ccc2762c2&X-Amz-Date=20251210T014927Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:49:27.833] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:27.833] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:27.834] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:27.834] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:27.834] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:27.834] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:27.956] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360167956, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796691923763, "etime": 1726796691923763, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51155, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:27.956] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:27.956] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:27.956] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:30.936] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24813 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014930Z&X-Amz-Signature=974a975423183f36cd4483aa30365ef5e6972c3449e528e56ab5ae7fd19397fc&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:49:30.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:30.936] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:30.937] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:30.937] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:30.937] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:30.938] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:31.068] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360171068, "module": 
"anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796767859603, "etime": 1726796767859603, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51158, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:31.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:31.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:31.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:34.038] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24384 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=dd9ba5dd00ac3d02d97ec4091bc2e4182859f236017bec8573a7fa5fe0b573f3&X-Amz-Date=20251210T014933Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:49:34.038] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:34.038] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:34.039] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:34.039] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:34.039] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:34.040] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:34.169] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360174169, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627269746756, "etime": 1726627269746756, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54848, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:34.169] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:37.139] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24814 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=8e372630af49b3daf222d0c1e720ad775b6833189abb6692e09978137f9b2049&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014936Z"} [2025-12-10 09:49:37.139] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:37.139] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:37.139] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:37.139] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:37.139] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:37.140] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
09:49:37.270] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360177270, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207584218767, "etime": 1726207584218767, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42018, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:37.270] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:40.243] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26070 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl?X-Amz-Date=20251210T014939Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=afdc9e6a8e3713bbb7b0205796a793185f3d459954d318c50593c8841cba8b47&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:49:40.243] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:40.243] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:40.243] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:40.243] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:40.243] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:40.244] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:49:40.374] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360180373, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726627282789029, "etime": 1726627282789029, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54857, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:40.374] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:43.345] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24385 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=c6c4462d03dc6ae0d1305aae8a8dabce4c3e49311e20705a4fd566ebc10e49fa&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014942Z"} [2025-12-10 09:49:43.345] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:43.345] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:43.345] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:43.345] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:43.345] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
09:49:43.346] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:43.475] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360183475, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726196728239369, "etime": 1726196728239369, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 57835, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:49:43.476] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:49:46.446] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26071 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014945Z&X-Amz-Expires=604800&X-Amz-Signature=a55f78156514f9048dd911ab25f48442bb9478c58d64958a146255f5bc494f99&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:49:46.446] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:46.446] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:46.446] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:46.446] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:46.446] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:46.447] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:46.576] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360186575, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814875856371, "etime": 1726814875856371, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51810, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:46.576] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:46.576] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:46.576] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:49:49.549] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24815 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014948Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=9e94e97ddbad18cdc1adb1d52c514969c5b53c114d9523bbd0e769a6b2909490"} [2025-12-10 09:49:49.549] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:49.549] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:49.549] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:49.549] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:49.549] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:49.550] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:49.674] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360189674, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814951753833, "etime": 1726814951753833, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51813, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:49.674] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:49.674] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:49.674] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:52.652] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24386 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7de695fa6ee1a30efc971c89a8e2fcbafedf953ed3e58ff2fc33c19a9bb655ae&X-Amz-Date=20251210T014952Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:49:52.652] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:52.652] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:52.652] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:52.652] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:52.652] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:52.653] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:52.783] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360192782, "module": 
"anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726815027628973, "etime": 1726815027628973, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51816, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:52.783] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:52.783] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:52.783] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:55.756] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26072 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl?X-Amz-Date=20251210T014955Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a0688769999a2407bb3fa2ffb20cf20eccf4481923bed1d8eb678b2106ddc156"} [2025-12-10 09:49:55.756] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:55.756] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:55.756] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:55.756] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:55.756] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:55.757] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:55.889] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360195889, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800812294590, "etime": 1726800812294590, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51270, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:55.889] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:55.889] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:55.889] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:49:58.860] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26073 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=18ad14798fd00152d66217677ce290aebdb47d65dbe2dce22b3c80b53787fd32&X-Amz-Date=20251210T014958Z"} [2025-12-10 09:49:58.860] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:49:58.860] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:49:58.860] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:49:58.860] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:49:58.860] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:49:58.861] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:49:58.988] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360198987, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800888157473, "etime": 1726800888157473, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51273, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:49:58.988] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:49:58.988] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:58.988] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:50:01.962] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24387 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl?X-Amz-Signature=ad225981c7dc651bdf602b46e02883181176095996945bb5bf2fbe96283c3c27&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015001Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:50:01.962] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:01.962] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:01.962] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:01.962] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:01.962] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:01.963] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:02.093] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360202093, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800964034758, "etime": 1726800964034758, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51276, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
09:50:02.093] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:02.093] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:02.093] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:05.064] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26074 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl?X-Amz-Date=20251210T015004Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=aba9fe4675a1cb7ac69e5122e30905ffdc1971ecca080aa6abd83df87f10e185&X-Amz-SignedHeaders=host"} [2025-12-10 09:50:05.065] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:05.065] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:05.065] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:05.065] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:05.065] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:05.066] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:05.198] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360205197, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207569358938, "etime": 1726207569358938, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42017, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:50:05.198] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:50:08.166] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24388 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=63af7c8fc6cf28f8578d908262c1e247c2d00ed688059951eaed5385e2d8f00c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015007Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:50:08.166] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:08.166] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:08.167] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:08.167] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:08.167] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:08.168] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:08.292] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, 
"normal_count": 0, "alert_count": 1, "timestamp": 1765360208292, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817609754651, "etime": 1726817609754651, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51904, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:08.292] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:08.292] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:08.292] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:11.269] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24389 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=2a4660b86c259d88880e08b6f3016e9eae173e86ed1f147e71f20e23551dcc02&X-Amz-Date=20251210T015010Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:50:11.269] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:11.269] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:11.269] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:11.269] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:11.269] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:11.270] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 09:50:11.400] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360211400, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796540166380, "etime": 1726796540166380, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51149, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:11.400] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:11.400] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:11.400] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:14.371] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24816 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f83fe305a9d5ef8244fd6157d8ea9dfa7add45d9646c2a0b33709b5ca35a81d1&X-Amz-Date=20251210T015013Z"} [2025-12-10 09:50:14.371] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:14.371] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:14.371] [INFO] [tid:127829042783936] (AiModule.cpp:12) 
load so module so_code_cnn [2025-12-10 09:50:14.371] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:14.371] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:14.372] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:14.505] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360214504, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726816604578792, "etime": 1726816604578792, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51867, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:14.505] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:14.505] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:14.505] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:50:17.472] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24817 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8e7cfe2757d55fafd8be6ee2be24da454254b1fdfc63f6721d8e9435990d7ef0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015016Z"} [2025-12-10 09:50:17.473] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:17.473] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:17.473] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:17.473] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:17.473] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:17.474] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:17.607] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360217607, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726816680523235, "etime": 1726816680523235, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51870, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
09:50:17.607] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:17.607] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:17.607] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:20.576] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24390 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e465fc313698261402881efc03c0c09fa87deec71e8b41882d59bda22858355e&X-Amz-Date=20251210T015020Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:50:20.577] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:20.577] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:20.577] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:20.577] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:20.577] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:20.578] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:20.699] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, 
"alert_count": 1, "timestamp": 1765360220699, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795487649673, "etime": 1726795487649673, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51111, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:20.699] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:20.699] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:20.699] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:23.679] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24818 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015023Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a8c47b1c6c1d88f3b30294dd99cb24959e07d94188f2ea003ac2165da6856a12&X-Amz-Expires=604800"} [2025-12-10 09:50:23.679] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:23.679] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:23.680] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:23.680] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:23.680] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:23.680] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 09:50:23.809] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360223808, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795563520347, "etime": 1726795563520347, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:23.809] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:23.809] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:23.809] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:26.781] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26075 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f27dada104b62b8c0ebfba14ff2f3f6ddd2f5222752017e7e1271febeb33d359&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T015026Z"} [2025-12-10 09:50:26.782] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:26.782] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:26.782] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 09:50:26.782] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:26.782] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:26.783] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:26.914] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360226914, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726627273198151, "etime": 1726627273198151, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 54849, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 09:50:26.914] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:26.914] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:26.914] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:50:29.884] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24819 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015029Z&X-Amz-Signature=631adc69af10bd6990712a5a2fc0ceba122629c178fe43a5e9f935db03c40778&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:50:29.884] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:29.884] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:29.884] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:29.884] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:29.884] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:29.885] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:30.009] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360230009, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207471023172, "etime": 1726207471023172, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42003, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:50:30.010] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:50:32.987] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24820 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl?X-Amz-Date=20251210T015032Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=cef5340399281b80226040bf0ea2fd53e2f2873c6599bbcad5e6af5df4c483c7&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:50:32.987] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:32.987] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:32.987] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:32.987] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:32.987] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:32.988] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:33.119] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360233118, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814799990987, "etime": 1726814799990987, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51807, "dest_port": 446, "protocol": "tls", 
"result": "CobaltStrike"}]} [2025-12-10 09:50:33.119] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:33.119] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:33.119] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:36.090] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24391 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7998baef6c8573e5477860e057b98bd31688919f4451da014c5f746f32ff37b1&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015035Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:50:36.090] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:36.090] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:36.091] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:36.091] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:36.091] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:36.092] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:36.223] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, 
"normal_count": 0, "alert_count": 1, "timestamp": 1765360236222, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800736369572, "etime": 1726800736369572, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51267, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:36.223] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:36.223] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:36.223] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:39.193] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26076 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e105000a743587a0c8058b03a452abcd5b3eff74c221f7936bba7fd896c58dcc&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015038Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:50:39.193] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:39.193] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:39.194] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:39.194] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:39.194] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:39.195] [INFO] [tid:127829042783936] (AiModule.cpp:39) 
load result:0 [2025-12-10 09:50:39.320] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360239320, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813702346496, "etime": 1726813702346496, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51767, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:39.320] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:39.320] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:39.320] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:42.295] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24392 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015041Z&X-Amz-Signature=eb09198cb857806c6d5f3d6d05eea5e4da6f585c0e1a7cd9da64c96fabce4b34&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:50:42.296] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:42.296] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:42.296] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:42.296] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:42.296] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:42.297] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:42.423] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360242422, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813778251253, "etime": 1726813778251253, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51770, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:42.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:42.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:42.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:50:45.398] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24393 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl?X-Amz-Date=20251210T015044Z&X-Amz-SignedHeaders=host&X-Amz-Signature=4c024420fb8f1f8086c2df2d6be1e919170362fe9666553009bc03a6c2ba9cad&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:50:45.398] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:45.398] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:45.399] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:45.399] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:45.399] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:45.400] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:45.530] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360245530, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726816528714237, "etime": 1726816528714237, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51864, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
09:50:45.530] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:45.530] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:45.530] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:48.504] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24821 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl?X-Amz-Signature=2a26eae50b990183d8b9297d4957e0cbf7465a55ee4f36e41c66d4a8452be285&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015048Z&X-Amz-Expires=604800"} [2025-12-10 09:50:48.504] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:48.504] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:48.504] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:48.504] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:48.504] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:48.505] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:48.639] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 
0, "alert_count": 1, "timestamp": 1765360248639, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799571828221, "etime": 1726799571828221, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51221, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:48.640] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:48.640] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:48.640] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:51.605] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24394 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f8d62430754a2c52917a51d741519b464776f11da98acca6dd64111bcc425c68&X-Amz-Date=20251210T015051Z"} [2025-12-10 09:50:51.605] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:51.605] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:51.606] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:51.606] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:51.606] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:51.606] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 09:50:51.720] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360251720, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799647723038, "etime": 1726799647723038, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51224, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:51.720] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:51.720] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:51.720] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:50:54.709] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26077 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=181525e3518309663bf34d4fd3bc0d670426e938906300b5df5d54e78a7f6cbc&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015054Z"} [2025-12-10 09:50:54.709] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:54.709] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:54.709] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:54.709] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:54.709] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:54.710] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:54.817] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360254816, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795411785346, "etime": 1726795411785346, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51108, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:50:54.817] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:54.817] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:54.817] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:50:57.812] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24822 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015057Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=ed6eefb0c37e6d19564f91f38395dd389adfb62d10f4950672232c71f4999c3a"} [2025-12-10 09:50:57.812] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:50:57.812] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:50:57.812] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:50:57.813] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:50:57.813] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:50:57.813] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:50:57.926] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360257925, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813626421720, "etime": 1726813626421720, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51764, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} 
[2025-12-10 09:50:57.926] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:50:57.926] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:57.926] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:00.913] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26078 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl?X-Amz-Date=20251210T015100Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e35eb089c64427c5bff09adcdc90ebf0bf47259c082680f9acab05a654f35575&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:51:00.914] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:00.914] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:00.914] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:00.914] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:00.914] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:00.915] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:01.049] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, 
"normal_count": 0, "alert_count": 1, "timestamp": 1765360261048, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799495966027, "etime": 1726799495966027, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51218, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:01.049] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:01.049] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:01.049] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:04.016] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24395 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015103Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=bc2a6d894fa7a4785b0ecf211d7fed6838f5bfcaf0c75761a5a3ac28e03afcae"} [2025-12-10 09:51:04.016] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:04.016] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:04.016] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:04.016] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:04.016] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:04.017] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
09:51:04.152] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360264152, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206235373298, "etime": 1726206235373298, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41737, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:51:04.152] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:51:07.119] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24396 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=a6f5bca111788ca6c5d73b0ec6bb226e93fd5c4ba44ff17a5ec434215d782e57&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015106Z"} [2025-12-10 09:51:07.119] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:07.119] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:07.119] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:07.119] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:07.119] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:07.120] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:07.231] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360267231, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817625182947, "etime": 1726817625182947, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51905, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:07.231] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:07.231] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:07.231] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:10.329] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24823 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl?X-Amz-Date=20251210T015109Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f0494e72c47e8f285075e2434dbd40268ed523c108d61ebc1b8b82dc92de3805"} [2025-12-10 09:51:10.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:10.330] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:10.330] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:10.330] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:10.330] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:10.331] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:13.289] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl|result:{"code": 1, "total_count": 41, "abnormal_count": 10, "normal_count": 31, "alert_count": 10, "timestamp": 1765360273288, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730650228530388, "etime": 1730650228530388, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50245, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650208511833, "etime": 1730650208511833, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50240, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650112240220, "etime": 1730650112240220, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50217, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650155372298, "etime": 1730650155372298, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50228, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650102231904, "etime": 1730650102231904, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50216, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650012402831, "etime": 1730650012402831, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50163, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650032486498, "etime": 1730650032486498, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50197, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650042546438, "etime": 1730650042546438, "src_ip": 
"172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50200, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649989691367, "etime": 1730649989691367, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50157, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649979631484, "etime": 1730649979631484, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50154, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650092209167, "etime": 1730650092209167, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650142281713, "etime": 1730650142281713, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50224, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650152287645, "etime": 1730650152287645, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50226, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650022478815, "etime": 1730650022478815, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50196, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650132267815, "etime": 1730650132267815, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50219, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649909567128, "etime": 1730649909567128, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50141, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730650055999837, "etime": 1730650055999837, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50205, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650175389967, "etime": 1730650175389967, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50233, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 
1730649999755423, "etime": 1730649999755423, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50159, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650178469668, "etime": 1730650178469668, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50235, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650188480292, "etime": 1730650188480292, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650198496516, "etime": 1730650198496516, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650238549857, "etime": 1730650238549857, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50246, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650122248709, "etime": 1730650122248709, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50218, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649909596500, "etime": 1730649909596500, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649969616362, "etime": 1730649969616362, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50150, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650022421299, "etime": 1730650022421299, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650218521940, "etime": 1730650218521940, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50243, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649989741616, "etime": 1730649989741616, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50158, "dest_port": 443, 
"protocol": "tls", "result": "Antsword"}, {"stime": 1730650032529670, "etime": 1730650032529670, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50198, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650082194703, "etime": 1730650082194703, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50210, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649979685059, "etime": 1730649979685059, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50155, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650042735709, "etime": 1730650042735709, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50201, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650238555411, "etime": 1730650238555411, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50247, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650066018622, "etime": 1730650066018622, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50207, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730649999962727, "etime": 1730649999962727, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50160, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730650052749438, "etime": 1730650052749438, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50202, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650079123149, "etime": 1730650079123149, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50209, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650009971550, "etime": 1730650009971550, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650069103891, "etime": 1730650069103891, "src_ip": "172.20.15.142", 
"dest_ip": "172.20.5.122", "src_port": 50208, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650165383123, "etime": 1730650165383123, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:51:13.289] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 10|max_alert: 1000 [2025-12-10 09:51:13.289] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:13.289] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:13.433] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24824 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl?X-Amz-Signature=2dad2f3cf9a2e4ddbcf43b2f290bce136b9538a00e2a80c0956db7bab97c549d&X-Amz-Date=20251210T015112Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:51:13.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:13.433] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:13.433] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:13.433] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:13.433] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:13.434] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:13.534] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360273533, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796555607769, "etime": 1726796555607769, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51150, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:13.534] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:13.534] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:13.534] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:16.535] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24825 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl?X-Amz-Signature=0f2117edc393a2982ff9a709b470429ed27e684ff86341f437ef9c8aaaf36bd5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015115Z&X-Amz-Expires=604800"} [2025-12-10 09:51:16.535] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:16.535] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:16.535] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
09:51:16.535] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:16.535] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:16.536] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:16.680] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360276679, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814815421540, "etime": 1726814815421540, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51808, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:16.680] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:16.680] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:16.680] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:51:19.638] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26079 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=154ad697d31b440619acb3ca7903d082ae22092314b9763d7acde14eddc41637&X-Amz-Date=20251210T015119Z"} [2025-12-10 09:51:19.638] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:19.638] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:19.638] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:19.638] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:19.638] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:19.639] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:19.757] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360279757, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800751837711, "etime": 1726800751837711, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51268, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
09:51:19.757] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:19.758] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:19.758] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:22.740] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24397 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl?X-Amz-Date=20251210T015122Z&X-Amz-Signature=a8114e24444db4d8c3628176286c8704a7c53796283812641cd9aaabcabe74b3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:51:22.740] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:22.740] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:22.740] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:22.740] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:22.740] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:22.741] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:22.869] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360282868, "module": "anquanchu", 
"proto": "tls", "alerted": false, "details": [{"stime": 1727254857212933, "etime": 1727254857212933, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55484, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:51:22.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:51:25.842] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26080 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015125Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c51a282102cf575eb9b2f0da1c2ebf38f030624f87d8bba94a60f35f01665055"} [2025-12-10 09:51:25.842] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:25.842] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:25.842] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:25.842] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:25.842] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:25.843] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:25.971] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, 
"timestamp": 1765360285971, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726219066161189, "etime": 1726219066161189, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 64738, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:51:25.972] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:51:28.945] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24826 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl?X-Amz-Date=20251210T015128Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d3f454e059400509fd5c22452160280b01480d52dfb2ef37e6ce7d8f9a6d7b32"} [2025-12-10 09:51:28.945] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:28.945] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:28.945] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:28.945] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:28.945] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:28.946] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:29.077] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl|result:{"code": 1, 
"total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360289077, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796464731835, "etime": 1726796464731835, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51147, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:29.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:29.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:29.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:32.049] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24827 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=2dc61beb4be0847737e75cc38b97ca23f3131870c01753fe557b066d9b32fdee&X-Amz-Date=20251210T015131Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:51:32.049] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:32.049] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:32.049] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:32.049] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:32.049] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:32.050] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:51:32.178] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360292178, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817701131928, "etime": 1726817701131928, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51908, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:32.178] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:32.178] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:32.178] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:35.150] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24398 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015134Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=556f2eb9f896a329ff1209e249656b20ee97f8a8f974c4282a7a7b368608c67f"} [2025-12-10 09:51:35.150] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:35.150] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:35.150] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:35.150] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:35.150] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:35.151] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:35.285] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360295284, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817852939448, "etime": 1726817852939448, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51914, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:35.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:35.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:35.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:51:38.253] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26081 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl?X-Amz-Date=20251210T015137Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4f726a8ee10a5d22dc16a0d2c914d1d84177bc481136670db1f8bb667a1b0454&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:51:38.253] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:38.253] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:38.253] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:38.253] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:38.253] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:38.254] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:38.390] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360298390, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796631511396, "etime": 1726796631511396, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51153, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:38.390] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:38.390] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:38.390] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:41.355] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24828 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015140Z&X-Amz-Signature=74f36b2c313eae33e95c1ada6e653bbaaef0f13196d387718f10b5a4d90dd2d5&X-Amz-Expires=604800"} [2025-12-10 09:51:41.355] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:41.355] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:41.355] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:41.355] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:41.355] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:41.356] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:41.487] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360301486, "module": 
"anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796783315699, "etime": 1726796783315699, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51159, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:41.487] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:41.487] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:41.487] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:44.459] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24829 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015143Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=175034161505f408efbb4f8f448a68a314b8085e944b1782ce2018f12d0e7c3d"} [2025-12-10 09:51:44.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:44.459] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:44.459] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:44.459] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:44.459] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:44.460] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:44.599] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360304598, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814724556757, "etime": 1726814724556757, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51805, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:44.599] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:44.599] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:44.599] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:47.562] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26082 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl?X-Amz-Signature=b71e05ee7b87326118030330faa8aa2c991dff05bc0e3f191a1ab1a4326f0a89&X-Amz-Date=20251210T015147Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:51:47.562] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:47.562] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:47.562] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:47.562] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 09:51:47.562] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:47.563] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:47.679] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360307679, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817457283627, "etime": 1726817457283627, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51898, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:47.679] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:47.679] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:47.679] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:51:50.665] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24830 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl?X-Amz-Date=20251210T015150Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=59145114d80aeb60f01eef0e2d69701232431339894e8445cc3db233ee57de70"} [2025-12-10 09:51:50.665] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:50.666] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:50.666] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:50.666] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:50.666] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:50.667] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:50.791] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360310791, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796372166386, "etime": 1726796372166386, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51142, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:50.791] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:50.791] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:50.791] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:53.767] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24399 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015153Z&X-Amz-Expires=604800&X-Amz-Signature=304f85ac4190d68a20272501b9e564e53ff7ca329ee51f7bc7f614b6ee5bf0c3"} [2025-12-10 09:51:53.767] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:53.767] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:53.767] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:53.767] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:53.767] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:53.768] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:53.899] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 
1765360313899, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726816453262985, "etime": 1726816453262985, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51862, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:53.899] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:53.899] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:53.899] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:56.869] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24400 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015156Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3fcde9b6050165a0b8c74580b86f3fb985e7c8f0a6277a74eb88f7ca83cca25f"} [2025-12-10 09:51:56.870] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:56.870] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:56.870] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:51:56.870] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:56.870] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:56.871] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:51:57.000] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360317000, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795336342989, "etime": 1726795336342989, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:51:57.000] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:51:57.000] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:57.000] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:51:59.972] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24831 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=996460c5b87fb06dc40a42386e4ed0da4af4dae273c3855ccca240714e503b93&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015159Z"} [2025-12-10 09:51:59.972] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:51:59.972] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:51:59.972] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
09:51:59.972] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:51:59.972] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:51:59.973] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:00.101] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360320100, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814632001396, "etime": 1726814632001396, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51800, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:52:00.101] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:52:00.101] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:00.101] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:52:03.075] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26083 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bfd01c905370eff19e7b65af526bcdb969e423fd443aff94cd70742d89071f41&X-Amz-Date=20251210T015202Z"} [2025-12-10 09:52:03.075] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:03.075] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:03.075] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:03.075] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:03.075] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:03.076] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:03.150] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360323149, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800568894429, "etime": 1726800568894429, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51260, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
09:52:03.150] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:52:03.150] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:03.150] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:52:06.179] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24401 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl?X-Amz-Signature=79986a3d70b74b1a0d91bc939c1d6ce3cd8b6ef39dc2646a68fd793471d84f3c&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015205Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:52:06.179] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:06.179] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:06.180] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:06.180] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:06.180] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:06.180] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:06.295] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 
0, "alert_count": 1, "timestamp": 1765360326295, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799420509946, "etime": 1726799420509946, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51216, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:52:06.295] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:52:06.295] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:06.295] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:52:09.282] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24402 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl?X-Amz-Date=20251210T015208Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=936592a6fedd8e568754e507698e050cd0e8aceb4f2031ff0b128de70fc1fe53"} [2025-12-10 09:52:09.282] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:09.282] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:09.282] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:09.282] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:09.282] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:09.283] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:09.409] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360329409, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814891301072, "etime": 1726814891301072, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51811, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:52:09.409] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:52:09.409] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:09.409] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:52:12.383] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26084 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl?X-Amz-Date=20251210T015211Z&X-Amz-SignedHeaders=host&X-Amz-Signature=4e7fa9df209e2feb8a01bc62eb451828f922b8b1572771262b2ca3a006ccf017&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:52:12.384] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:12.384] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:12.384] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 09:52:12.384] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:12.384] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:12.385] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:12.518] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360332517, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800827740005, "etime": 1726800827740005, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51271, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:52:12.518] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:52:12.518] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:12.518] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:52:15.488] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26085 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3d1f795544985237eac56766022ad636c5eb0419454b5aeb1a76ad9884126414&X-Amz-Date=20251210T015214Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:52:15.489] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:15.489] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:15.489] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:15.489] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:15.489] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:15.490] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:15.622] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360335622, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800979479221, "etime": 1726800979479221, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51277, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
09:52:15.622] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:52:15.622] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:15.622] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:52:18.590] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26086 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015218Z&X-Amz-Signature=c4210a20922ac31ac8e2bd6588a27360a5c04f496278c38cdb205d4ffef5180c"} [2025-12-10 09:52:18.590] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:18.590] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:18.590] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:18.590] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:18.590] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:18.591] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:18.717] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360338716, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726204486629031, "etime": 1726204486629031, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41383, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:18.717] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:21.692] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24403 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015221Z&X-Amz-Signature=8364b4dc1b0a59695c539c207721ee18a9778353faba9b4c71544823a5710615&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:52:21.692] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:21.692] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:21.820] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, 
"alert_count": 0, "timestamp": 1765360341820, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726204181773669, "etime": 1726204181773669, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41342, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:21.820] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:24.794] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26087 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl?X-Amz-Expires=604800&X-Amz-Signature=12d53f724b8470231166aced6bc3a90f5b24d10fdc3d0888c293bd618b108798&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015224Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:24.794] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:24.794] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:24.794] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:24.794] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:24.794] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:24.795] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:24.930] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl|result:{"code": 0, 
"total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360344929, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206189682240, "etime": 1726206189682240, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41721, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:24.930] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:27.897] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24832 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015227Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0416a450e2d9e4dd8955a0fc7e2a51dc46d3bbf370cb9f01713817a1b6d7304c"} [2025-12-10 09:52:27.897] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:27.897] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:27.897] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:27.897] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:27.897] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:27.899] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:28.010] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360348010, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817549330216, "etime": 1726817549330216, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51902, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 09:52:28.010] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:52:28.010] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:28.011] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:52:30.999] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26088 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=06546fb6cf6fb7adc1355735c50c66192a4c6bfb46c4c413a0f554f635591f5a&X-Amz-Date=20251210T015230Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:52:30.999] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:30.999] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:30.999] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:30.999] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 09:52:30.999] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:31.000] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:31.110] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360351109, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130594814192, "etime": 1726130594814192, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44018, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:31.110] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:34.102] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24404 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl?X-Amz-Date=20251210T015233Z&X-Amz-SignedHeaders=host&X-Amz-Signature=20f6e01921a74f226266d52b94d45ef623058c425c1971ebc5bbefc587b6a2cd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:52:34.102] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:34.102] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:34.102] [INFO] [tid:127829042783936] (AiModule.cpp:12) 
load so module so_code_cnn [2025-12-10 09:52:34.102] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:34.102] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:34.103] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:34.218] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360354218, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130597888908, "etime": 1726130597888908, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44022, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:34.218] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:37.204] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24833 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl?X-Amz-Signature=37a5eb1d3018493edb647034cfa13873876dc739809f81a64aad51abc4fcacb9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015236Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:37.204] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:37.204] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 09:52:37.204] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:37.204] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:37.204] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:37.205] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:37.331] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360357331, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130600951323, "etime": 1726130600951323, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44036, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:37.331] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:40.307] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24405 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl?X-Amz-Signature=a50418a539a0f40ca3e200c138fadc239bce49ec941924ad000b551aec52be88&X-Amz-Expires=604800&X-Amz-Date=20251210T015239Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:40.307] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:40.307] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:40.307] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:40.307] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:40.307] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:40.307] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:40.401] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360360400, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129534385217, "etime": 1726129534385217, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43376, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:40.401] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:43.409] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26089 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015242Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b124c0542c3006b3463c7cd73ec2bed26610cd1c9bd4f7b851159363c6b1beb1"} [2025-12-10 09:52:43.409] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:43.409] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:43.409] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:43.409] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:43.409] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:43.409] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:43.477] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360363477, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129540525621, "etime": 1726129540525621, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43412, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:43.477] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:46.511] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24406 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d5c74c06e538bd08e44814cbc6cd853cdff1d6fae1e5f4c637e951e87be9eabd&X-Amz-Date=20251210T015245Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:46.511] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:46.511] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:46.512] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:46.512] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:46.512] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:46.512] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:46.593] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360366592, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129531312250, "etime": 1726129531312250, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 50538, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:46.593] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:49.613] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24407 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl?X-Amz-Signature=37f72d5ac5bc5fe0161b52b06b8072d4039ae359e93976ad230c11eb99becabc&X-Amz-Date=20251210T015249Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:52:49.613] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:49.613] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:49.614] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:49.614] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:49.614] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:49.614] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:49.697] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360369696, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129602495128, "etime": 1726129602495128, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33044, 
"dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:49.697] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:52.716] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24408 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=28db8d213abb51034833ded4a8917fb02b2412537f82bd9129eaa3479bb135e4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015252Z&X-Amz-Expires=604800"} [2025-12-10 09:52:52.716] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:52.716] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:52.716] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:52.716] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:52.716] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:52.717] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:52.787] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360372786, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129605568976, 
"etime": 1726129605568976, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33072, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:52.787] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:55.818] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24409 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl?X-Amz-Expires=604800&X-Amz-Signature=839b98beedd0213100ce19667e3bdd2e3ccd1f791320e61fb16ee3f3b5f410da&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015255Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:55.818] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:55.818] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:55.818] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:55.818] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:55.818] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:55.819] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:55.886] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 
1765360375885, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129596344217, "etime": 1726129596344217, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45844, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:55.886] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:52:58.920] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24410 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl?X-Amz-Date=20251210T015258Z&X-Amz-Signature=268f8838c3649df97a5b991e460d4b6e162e2b69d8516dde4fdc2df327547c45&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:52:58.920] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:52:58.920] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:52:58.920] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:52:58.920] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:52:58.920] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:52:58.921] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:52:59.018] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360379017, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129656983253, "etime": 1726129656983253, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36990, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:52:59.018] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:02.023] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24834 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015301Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bb3059042d30fc3cfb6251a005aa8b39c24bcfe23a087f3c8782b0a6a8ec1a52"} [2025-12-10 09:53:02.023] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:02.023] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:02.023] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:02.023] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:02.023] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:02.024] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
09:53:02.139] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360382138, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127475160859, "etime": 1726127475160859, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52800, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:02.139] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:05.125] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24835 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015304Z&X-Amz-Signature=99397c649c5698302bc7a5be34625d6c07932020dd231117c4b24145e4db7f7d"} [2025-12-10 09:53:05.125] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:05.125] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:05.126] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:05.126] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:05.126] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:05.126] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:53:05.243] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360385243, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726625075007769, "etime": 1726625075007769, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53638, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:05.243] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:08.228] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26090 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=fd0d3c4c676d05dd54b0047161fd4a2196cbb340d6d0ef02e4df8c7f919283c1&X-Amz-Date=20251210T015307Z"} [2025-12-10 09:53:08.229] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:08.229] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:08.229] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:08.229] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:08.229] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 09:53:08.229] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:08.295] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360388295, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625033510867, "etime": 1726625033510867, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53621, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 09:53:08.295] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:53:08.295] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:08.295] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:53:11.330] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24836 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl?X-Amz-Signature=42d6d5cfd1f3a917163bc38612271b30f289831332bf7383dba845460965eb52&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015310Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:53:11.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:11.330] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:11.330] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:11.330] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:11.330] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:11.330] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:11.395] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360391395, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625102281011, "etime": 1726625102281011, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53649, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 09:53:11.395] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:53:11.395] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:11.395] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:53:14.433] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24837 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015313Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=8c2dc84b0fde8a526589b870dcc629988a5b54894ece4b78257af3b1e0af5be4"} [2025-12-10 09:53:14.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:14.433] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:14.500] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360394500, "module": "anquanchu", "proto": 
"tls", "alerted": false, "details": [{"stime": 1727159736606126, "etime": 1727159736606126, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50496, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:14.500] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:17.536] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24838 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015317Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=0add6cf36a73222bb50087f0f8069ede254a18a2272a859b140bf1ce06368dc5"} [2025-12-10 09:53:17.536] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:17.536] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:17.604] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, 
"timestamp": 1765360397604, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206884424275, "etime": 1726206884424275, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41854, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:17.604] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:20.638] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26091 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl?X-Amz-Signature=f37f42d17036eb8e535a5d81bfebeb4c75794b24b9e020f011d71d1578793c01&X-Amz-Date=20251210T015320Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:53:20.638] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:20.638] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:20.638] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:20.638] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:20.638] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:20.638] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:20.704] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, 
"normal_count": 1, "alert_count": 0, "timestamp": 1765360400704, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726196721239125, "etime": 1726196721239125, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 57745, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:20.704] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:23.740] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24411 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015323Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=705e9878a5f32fc39e67d06cdce97eb87358b9e14129d167e1138c08817bda6e"} [2025-12-10 09:53:23.740] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:23.740] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:23.741] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:23.741] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:23.741] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:23.741] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:23.856] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360403856, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727231971353033, "etime": 1727231971353033, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49198, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:23.856] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:26.842] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26092 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015326Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f5cd0eb44e5014b58fd3a85479ed6b83895109ee1f5471f6849eed3eab4e7954"} [2025-12-10 09:53:26.842] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:26.842] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:26.842] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:26.842] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:26.842] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:26.843] [INFO] [tid:127829042783936] (AiModule.cpp:39) 
load result:0 [2025-12-10 09:53:26.913] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360406912, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132156837251, "etime": 1726132156837251, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44878, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:26.913] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:29.945] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24412 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=201e92e52dcc8fc85b49fcddff1d46a4c11c37f54cb0a4e6cfdf4fc4ac9b2f39&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015329Z&X-Amz-Expires=604800"} [2025-12-10 09:53:29.945] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:29.945] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:29.945] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:29.945] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:29.945] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 09:53:29.946] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:30.023] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360410022, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132160888987, "etime": 1726132160888987, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44880, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:30.023] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:33.047] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26093 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl?X-Amz-Date=20251210T015332Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=c2d8e6cf560dbb9b870c08f10e4e7ab4e2b8be1df6bc79d32ae069568523157b"} [2025-12-10 09:53:33.047] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:33.047] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:33.047] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:33.047] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:33.047] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:33.048] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:33.164] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360413163, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132164940623, "etime": 1726132164940623, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44882, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:33.164] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:36.149] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24839 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl?X-Amz-Date=20251210T015335Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6a578d504aa0d1fd97180cfa7aee02b095eb05b1f2f74128d82d7dfbc4c7d4c4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:53:36.149] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:36.149] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:36.149] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:36.149] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:36.149] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:36.150] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:36.268] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360416268, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132181204310, "etime": 1726132181204310, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44898, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:36.268] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:39.252] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26094 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015338Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=597eba5c9d5f13d0871623c8455730a233df5461032be0592ff2021e7a1001ba"} [2025-12-10 09:53:39.252] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:39.252] 
[INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:39.252] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:39.252] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:39.252] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:39.252] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:39.336] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360419336, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132198895715, "etime": 1726132198895715, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44902, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:39.336] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:42.354] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24413 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl?X-Amz-Signature=b6d96f69c391e01986aa11c43ddabbc7bfb5083dd5331a9664634ddc24679007&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015341Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 
09:53:42.354] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:42.354] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:42.354] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:42.354] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:42.354] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:42.355] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:42.468] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360422467, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132202949996, "etime": 1726132202949996, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44904, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:42.468] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:45.456] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24414 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl?X-Amz-Date=20251210T015344Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9f18251bac1988022c0e0419c9234c75cdbf018be2b0549f5b86ef9b81fcab62&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:53:45.456] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:45.456] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:45.456] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:45.456] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:45.456] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:45.457] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:45.580] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360425580, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132210076668, "etime": 1726132210076668, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44908, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:45.581] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:48.557] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26095 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015348Z&X-Amz-Expires=604800&X-Amz-Signature=53273ac5ceb5b87af8d47d3b6101ea96035ab046c29608fa7910bb64870a5a69&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:53:48.558] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:48.558] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:48.558] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:48.558] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:48.558] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:48.559] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:48.685] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360428685, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132222298719, "etime": 1726132222298719, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44922, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:48.685] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:51.661] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26096 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T015351Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=df9d291b3be557f3cd9646e80db0f4048e50006e33a679d854ea7de43603ac73&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:53:51.661] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:51.661] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:51.661] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:51.661] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:51.661] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:51.662] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:51.788] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360431788, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132238749105, "etime": 1726132238749105, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53324, "dest_port": 51119, "protocol": 
"tls", "result": "Normal"}]} [2025-12-10 09:53:51.788] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:54.763] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24840 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl?X-Amz-Date=20251210T015354Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=94cd66404ee53b02f495975bf973849d4657c55d32bddece2a007139cabceaf7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:53:54.763] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:54.763] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:54.763] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:54.763] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:54.763] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:54.764] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:54.881] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360434880, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132242809210, "etime": 1726132242809210, "src_ip": 
"192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53326, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:54.881] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:53:57.865] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24841 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl?X-Amz-Signature=a3b3b1354630371f55d2c5908f9dcc4022234352fece59d10dbb0eb15163a108&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015357Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:53:57.865] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:53:57.865] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:53:57.865] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:53:57.865] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:53:57.865] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:53:57.866] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:53:57.994] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360437993, "module": "anquanchu", "proto": "tls", "alerted": 
false, "details": [{"stime": 1726132259074869, "etime": 1726132259074869, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53342, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:53:57.994] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:00.968] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24842 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cca7e92923031873d26d4d10079f71e4b093db15cbc84875905a1722fa9dd286&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015400Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:54:00.968] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:00.968] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:00.968] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:00.968] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:00.968] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:00.969] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:01.093] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, 
"alert_count": 0, "timestamp": 1765360441093, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132262129847, "etime": 1726132262129847, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53344, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:01.093] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:04.070] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26097 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015403Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=142c32da0be8d1df3c02342d8a93d8eff8e3d405b8bcda497ba88dbd604526aa&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:54:04.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:04.070] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:04.070] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:04.070] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:04.070] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:04.071] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:04.169] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360444168, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130418008173, "etime": 1726130418008173, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33858, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:04.169] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:07.171] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24415 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015406Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d9f89429f7605489b8c443f23d87b7d160edbb0fe48d5ef5dbbccec75138c93f"} [2025-12-10 09:54:07.172] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:07.172] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:07.172] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:07.172] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:07.172] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:07.172] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:54:07.284] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360447284, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130403707012, "etime": 1726130403707012, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52856, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:07.284] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:10.274] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24416 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d43c87dc4c07e80390289022dc47bf4eb58db10f7cbdd5559d0d31fa6751c7ca&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015409Z&X-Amz-Expires=604800"} [2025-12-10 09:54:10.274] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:10.274] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:10.274] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:10.274] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:10.274] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 09:54:10.274] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:10.341] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360450340, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130407773337, "etime": 1726130407773337, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52870, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:10.341] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:13.377] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24417 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0e2f29bbf7801f2175ab8e7a37a1903aa923659fb164f14e957581b42cd764b4&X-Amz-Date=20251210T015412Z&X-Amz-Expires=604800"} [2025-12-10 09:54:13.377] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:13.377] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:13.377] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:13.377] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:13.377] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:13.378] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:13.494] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360453494, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130495999516, "etime": 1726130495999516, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36998, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:13.494] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:16.479] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24418 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=c694beff1800b39a167bc554eff43fe57b845949497632d791926e5c401f0ab8&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015415Z"} [2025-12-10 09:54:16.479] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:16.479] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:16.480] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:16.480] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:16.480] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:16.481] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:16.579] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360456579, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130487857094, "etime": 1726130487857094, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 38776, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:16.579] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:19.580] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24843 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015419Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9e9a5be1ac95e6ecbb7e37e0d749c72c88a9f69ab589b7797c0d2b68ff8be37a"} [2025-12-10 09:54:19.581] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:19.581] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:19.581] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:19.581] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:19.581] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:19.582] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:19.711] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360459710, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130491924477, "etime": 1726130491924477, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 38790, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:19.711] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:22.682] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24419 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015422Z&X-Amz-Signature=439280ca04866bf4df64b1dc1e7bc475d6a65b1baf0f86debb3bb8a2627d492e"} [2025-12-10 09:54:22.682] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:22.682] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:22.683] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:22.683] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:22.683] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:22.684] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:22.806] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360462805, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405503297814, "etime": 1727405503297814, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54133, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:22.806] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:25.785] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24420 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl?X-Amz-Date=20251210T015425Z&X-Amz-Expires=604800&X-Amz-Signature=c82c5a10b16f440905096373e9f79b89288afbbe22666e8e47b5c3b288db1677&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:54:25.785] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:25.785] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:25.785] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:25.785] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:25.785] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:25.786] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:25.901] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360465901, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130556764604, "etime": 1726130556764604, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 32800, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:25.901] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:28.888] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26098 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=61a7b9225fe7392d57d0b085021b2b1b14863c985ec256af84e734dc3aa00eba&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015428Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:54:28.888] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:28.888] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:28.889] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:28.889] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:28.889] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:28.889] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:29.030] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360469029, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130530174603, "etime": 1726130530174603, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 47822, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:29.030] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:31.989] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26099 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl?X-Amz-Date=20251210T015431Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f8e8556ecb0bfacfdb43a163fd14af67c530059966ca09d5b6ba25d575d0bf01"} [2025-12-10 09:54:31.989] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:31.989] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:31.990] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:31.990] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:31.990] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:31.990] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:32.125] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360472125, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130550614119, "etime": 1726130550614119, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51514, "dest_port": 51129, 
"protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:32.126] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:35.093] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24844 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl?X-Amz-Expires=604800&X-Amz-Signature=46d0cea375af359df9fe922b920b29d76a987b7e594b6f8e01c5853e14cf430a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015434Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:54:35.093] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:35.093] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:35.093] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:35.094] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:35.094] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:35.094] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:35.215] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360475215, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130534242035, "etime": 1726130534242035, 
"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51736, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:35.215] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:38.196] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26100 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015437Z&X-Amz-Signature=319a6a31052ba9f7b1c1e0c7a54cf6f3f03a03b8c46520baa827f1b2f0ee8499&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:54:38.196] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:38.196] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:38.196] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:38.196] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:38.196] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:38.197] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:38.285] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360478284, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1726130578537995, "etime": 1726130578537995, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36554, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:38.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:41.299] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26101 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=131130d73457a39a5019d3b20e2c7fcafeac223d2ad1f1181984b2235edda159&X-Amz-Date=20251210T015440Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:54:41.299] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:41.299] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:41.299] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:41.299] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:41.299] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:41.300] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:41.423] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, 
"alert_count": 0, "timestamp": 1765360481422, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130607100947, "etime": 1726130607100947, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41972, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:41.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:44.402] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24845 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015443Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=3417ea490b5d1b6f7c0d83c7e9139b5755e5e7b1aef324bbc445e353beec73e2"} [2025-12-10 09:54:44.402] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:44.402] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:44.402] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:44.402] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:44.402] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:44.403] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:44.533] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360484533, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130610171636, "etime": 1726130610171636, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41988, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:44.533] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:47.504] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24846 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b7d6df56752fdee82370bb68c7a24522a7bae7e48f8d2f84cabb23327eef56fe&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015447Z"} [2025-12-10 09:54:47.504] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:47.504] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:47.505] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:47.505] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:47.505] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:47.506] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 09:54:47.610] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360487610, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130586675472, "etime": 1726130586675472, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 48286, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:47.610] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:50.607] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24847 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T015450Z&X-Amz-SignedHeaders=host&X-Amz-Signature=00103fecf4807eb81187c444b16332fd5103a7a47397013bbbea5e4e45834afa"} [2025-12-10 09:54:50.607] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:50.607] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:50.608] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:50.608] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:50.608] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 09:54:50.609] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:50.734] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360490734, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130590746835, "etime": 1726130590746835, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 48288, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:50.734] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:53.711] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26102 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015453Z&X-Amz-Signature=8934fed4f52f71308ef45e051b3cde520a8a4fa5d29d7f385a13eed28d39fab9&X-Amz-SignedHeaders=host"} [2025-12-10 09:54:53.712] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func 
load [2025-12-10 09:54:53.712] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:53.713] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:53.826] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360493825, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129515037057, "etime": 1726129515037057, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 34324, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:53.826] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:56.815] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24421 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015456Z&X-Amz-Expires=604800&X-Amz-Signature=d32487f317c28df31daa7c13441d7e30485c08ff5e8875511a3e460286c952ae"} [2025-12-10 09:54:56.815] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:56.815] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:56.816] [INFO] [tid:127829042783936] (AiModule.cpp:12) 
load so module so_code_cnn [2025-12-10 09:54:56.816] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:56.816] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:56.817] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:54:56.942] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360496941, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129519102820, "etime": 1726129519102820, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 34338, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:54:56.942] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:54:59.919] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24422 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015459Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d7009e8c730427269297e963d5b733b1beb59cc8a8c0c8bf9c463131acc81e34"} [2025-12-10 09:54:59.919] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:54:59.919] [INFO] [tid:127829042783936] 
(AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:54:59.919] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:54:59.919] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:54:59.919] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:54:59.920] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:00.050] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360500049, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129537459588, "etime": 1726129537459588, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43408, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:00.050] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:03.021] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26103 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015502Z&X-Amz-Signature=0b0545d3a8ba003107ed17c294c16de71be7960be47e8343ceb7f65459c355ca&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:55:03.022] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:03.022] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:03.022] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:03.022] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:03.022] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:03.023] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:03.153] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360503153, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129543587846, "etime": 1726129543587846, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58164, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:03.153] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:06.124] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24423 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=c184b0625d3d65395b4b3d73f925198801dfdffdf7e846ba17fed0fd6565d389&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015505Z"} [2025-12-10 09:55:06.124] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:06.124] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:06.124] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:06.124] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:06.124] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:06.125] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:06.247] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360506247, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129549746565, "etime": 1726129549746565, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58182, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:06.247] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:09.228] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26104 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015508Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=edde0f4c381c92c19bb0a1e336ad0cf9e809d0fed468f7f615b1e995059660b0"} [2025-12-10 09:55:09.228] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:09.228] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:09.229] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:09.229] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:09.229] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:09.230] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:09.359] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360509359, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129592277569, "etime": 1726129592277569, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45842, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:09.360] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:12.331] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26105 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=7568abdf89e9cc4f659ee37c84cf2c32e51279fe1787feb84eeb6da3e7c3ef51&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015511Z&X-Amz-Expires=604800"} [2025-12-10 09:55:12.331] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:12.331] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:12.332] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:12.332] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:12.332] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:12.333] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:12.458] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360512458, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129584156504, "etime": 1726129584156504, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52104, 
"dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:12.458] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:15.433] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24848 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=b6924a9b08ec75668889685500b9d1564613bf285ec4027806401958d0ea9aa6&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015514Z"} [2025-12-10 09:55:15.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:15.433] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:15.434] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:15.434] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:15.434] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:15.435] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:15.561] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360515560, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129588213011, 
"etime": 1726129588213011, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52112, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:15.561] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:18.536] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24849 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=cbe7abafdd75982d85383c1446df718c76b0e276405e2268afeb68c5ce9ed68b&X-Amz-Expires=604800&X-Amz-Date=20251210T015518Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:55:18.536] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:18.536] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:18.536] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:18.536] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:18.536] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:18.537] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:18.668] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 
1765360518667, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129632475937, "etime": 1726129632475937, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35710, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:18.668] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:21.638] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26106 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=e692235ad396cc6602bca9fbc80ced1382b791274c1e67c4c1e59ce363552e0f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015521Z"} [2025-12-10 09:55:21.638] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:21.638] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:21.639] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:21.639] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:21.639] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:21.639] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:21.705] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360521704, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129636547837, "etime": 1726129636547837, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35724, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:21.705] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:24.741] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24850 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4658675ab1f65136407671bf06d7a5478c882e2942bcea021d565c778f52e304&X-Amz-Date=20251210T015524Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:55:24.741] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:24.741] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:24.741] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:24.741] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:24.741] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:24.742] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:55:24.809] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360524808, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129660062800, "etime": 1726129660062800, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 37004, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:24.809] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:27.843] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24424 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015527Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c51eff9eac6ada3d544b609829575e166e6f0c0b23ef3067e603462b94b8524b"} [2025-12-10 09:55:27.843] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:27.843] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:27.843] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:27.843] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:27.843] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:27.844] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:27.956] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360527956, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129650834462, "etime": 1726129650834462, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56522, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:27.957] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:30.945] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24851 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl?X-Amz-Date=20251210T015530Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=864fc09fd48adef28dedf8b1bff2b304cc48bfd11baf20a38659b23945a43c31"} [2025-12-10 09:55:30.945] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:30.945] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:30.945] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
09:55:30.945] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:30.946] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:30.946] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:31.069] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360531069, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129146973654, "etime": 1726129146973654, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56136, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:31.069] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:34.047] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26107 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl?X-Amz-Date=20251210T015533Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e45495c4c85b64b1c13f248aeadb148d0365be7bbcdd3e22c6d27a7299a91413&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:55:34.047] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:34.047] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:34.048] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:34.048] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:34.048] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:34.049] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:34.179] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360534179, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206777449726, "etime": 1726206777449726, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41835, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:34.179] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:37.149] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26108 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=442f6c4d53b957a5bcc03ca223a6e2690df43fa6c14c3b3af9e427fd82b5a31d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015536Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:55:37.149] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:37.149] [INFO] [tid:127829042783936] (AiModule.cpp:10) 
load so_code_cnn.so lib [2025-12-10 09:55:37.149] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:37.149] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:37.149] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:37.150] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:37.279] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360537279, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207522658653, "etime": 1726207522658653, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42007, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:37.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:40.252] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26109 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl?X-Amz-Date=20251210T015539Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4c9f4813c2d2b52ad37e38605f4b7f43d83749b460d7bcfa8547b83d13cad5b6"} [2025-12-10 09:55:40.252] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 
09:55:40.252] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:40.252] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:40.252] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:40.252] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:40.253] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:40.379] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360540379, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726205310664181, "etime": 1726205310664181, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41530, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:40.379] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:43.354] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24852 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9306dfeda4d64c193ee9b9aa85bf788d06e64795096cb068ce409d7295463d07&X-Amz-Date=20251210T015542Z&X-Amz-Expires=604800"} [2025-12-10 09:55:43.354] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:43.354] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:43.354] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:43.354] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:43.354] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:43.355] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:43.483] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360543483, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206901437530, "etime": 1726206901437530, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41855, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:43.483] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:46.459] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24853 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=13c60fec28ba3bfe6225b9b4755935cba7e07f11417faaf5250f44d7c9e26845&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015545Z"} [2025-12-10 09:55:46.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:46.459] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:46.459] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:46.459] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:46.459] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:46.460] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:46.589] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360546589, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132117175505, "etime": 1726132117175505, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44850, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:46.589] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:49.562] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26110 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=26fc0f70bc8c8ea85b0d029cc22ce56b6f9ad9b82657c6ef965c239d6720e111&X-Amz-Date=20251210T015549Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:55:49.562] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:49.562] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:49.562] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:49.562] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:49.562] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:49.563] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:49.641] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360549641, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132178204905, "etime": 1726132178204905, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44896, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:49.641] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:52.664] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24854 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=dfee26d6207e807ba6988c508482fd9fa0e45321d3118ef5fe635ffcac85a096&X-Amz-Date=20251210T015552Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:55:52.664] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:52.664] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:52.664] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:52.664] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:52.664] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:52.665] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:52.778] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360552777, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132219302359, "etime": 1726132219302359, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44920, "dest_port": 
51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:52.778] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:55.766] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26111 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015555Z&X-Amz-Signature=09ace2d52984a8ae99d9e635f6699c2af0c818be18a3e7885a88937808b1df76&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:55:55.766] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:55.766] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:55.767] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:55.767] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:55.767] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:55.767] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:55.887] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360555886, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132253023796, "etime": 1726132253023796, 
"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53336, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:55.887] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:55:58.868] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24425 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl?X-Amz-Signature=c792e144744ebc7fbf9f688c6c733449c00de774573cad75c5418cf27cfb79a3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015558Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:55:58.868] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:55:58.868] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:55:58.869] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:55:58.869] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:55:58.869] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:55:58.870] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:55:58.996] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360558996, "module": "anquanchu", 
"proto": "tls", "alerted": false, "details": [{"stime": 1726130503236949, "etime": 1726130503236949, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54372, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:55:58.996] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:01.972] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24426 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b9d9114b88afe14dbff335d29d8a1d2dcf684f1af8d07724f7a7e9020d650ea1&X-Amz-Date=20251210T015601Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:56:01.972] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:01.972] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:01.972] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:01.972] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:01.972] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:01.973] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:02.054] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360562054, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130544539578, "etime": 1726130544539578, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51482, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:02.054] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:05.073] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24855 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6ff7bb2e228643694375db78a24fc9f697dfbd8c669e7a0d993039a71d62f9d7&X-Amz-Date=20251210T015604Z"} [2025-12-10 09:56:05.073] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:05.073] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:05.073] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:05.073] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:05.073] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:05.074] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:05.161] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360565160, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130604086777, "etime": 1726130604086777, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41956, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:05.161] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:08.175] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24427 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015607Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=9ead83b9a8252e20d9f2f6c34255c366d99370e64f7d494fae1efc67cad1e1ee"} [2025-12-10 09:56:08.175] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:08.175] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:08.175] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:08.175] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:08.175] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:08.176] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:56:08.241] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360568241, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129602562634, "etime": 1726129602562634, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33056, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:08.241] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:11.280] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24428 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2512d5fe2add63433ec5ffd634c66985040ce2d3abaeabeb360c9088e404af6d&X-Amz-Date=20251210T015610Z"} [2025-12-10 09:56:11.280] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:11.280] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:11.346] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360571346, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129653974338, "etime": 1726129653974338, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36982, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:11.346] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:14.382] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26112 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl?X-Amz-Expires=604800&X-Amz-Signature=d4b36e5c6255e84650a947b9444d71e3cfe928058b4d615a3294e44bb63dd9a6&X-Amz-Date=20251210T015613Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:14.382] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:14.382] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:14.382] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
09:56:14.382] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:14.382] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:14.383] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:14.496] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360574495, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130415005209, "etime": 1726130415005209, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33856, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:14.496] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:17.484] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24856 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015616Z&X-Amz-Signature=2508d0a9367d592aacc736c3a7aaff791e25d314d1e9c1ca6ec2b725da08953a&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:56:17.484] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:17.484] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 
09:56:17.484] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:17.484] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:17.484] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:17.485] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:17.550] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360577550, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130424233613, "etime": 1726130424233613, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35934, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:17.550] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:20.588] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26113 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl?X-Amz-Date=20251210T015620Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=abd5cf93d7bdbe5be457405d48bd428f72c82baeda5e658d0f24207d28368405&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:20.588] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 
09:56:20.588] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:20.588] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:20.588] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:20.588] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:20.588] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:20.718] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360580718, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132172099217, "etime": 1726132172099217, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44888, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:20.718] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:23.690] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24857 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl?X-Amz-Date=20251210T015623Z&X-Amz-Signature=cfe248fa9091339de101cdd87a8851e522c822cd42fd1171d5848341430b0075&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} 
[2025-12-10 09:56:23.690] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:23.690] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:23.690] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:23.691] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:23.691] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:23.691] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:23.827] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360583827, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132213199706, "etime": 1726132213199706, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44912, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:23.827] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:26.793] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24429 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015626Z&X-Amz-Signature=5c6c86fb53a01eb657c4ac1aac7c4b7dfdbf9407d23a1c42479f838af3b20438&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:26.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:26.793] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:26.794] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:26.794] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:26.794] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:26.795] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:26.916] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360586915, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132249971605, "etime": 1726132249971605, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53332, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:26.916] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:29.896] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) 
Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24858 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl?X-Amz-Date=20251210T015629Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=531b1b0d1a8cc499828c8eb8124125e47449ad1d4f6f556c2eae2218cb23ca91&X-Amz-Expires=604800"} [2025-12-10 09:56:29.897] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:29.897] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:29.897] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:29.897] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:29.897] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:29.897] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:30.012] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360590012, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130541462031, "etime": 1726130541462031, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51766, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:30.012] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 
0|max_alert: 1000 [2025-12-10 09:56:32.999] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26114 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015632Z&X-Amz-Signature=9a24fb9a65fc68bfcfc6e5bd87b0cbe5ee03cfa1931ebf1247c8a35c4790e9c5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:56:32.999] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:32.999] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:33.000] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:33.000] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:33.000] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:33.001] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:33.078] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360593078, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130597951750, "etime": 1726130597951750, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44024, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
09:56:33.078] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:36.101] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24430 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015635Z&X-Amz-Signature=6be823d427d23e75506b9ea325cf2a8f3c6c1909a8637051793e62627cdb52a5&X-Amz-Expires=604800"} [2025-12-10 09:56:36.101] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:36.101] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:36.102] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:36.102] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:36.102] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:36.102] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:36.169] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360596169, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129534453295, "etime": 1726129534453295, "src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "src_port": 43392, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:36.169] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:39.203] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24859 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl?X-Amz-Signature=0cc2f9176e6a316654416564979e5dfe91a9f98108ba954012029f32387acf50&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015638Z"} [2025-12-10 09:56:39.203] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:39.203] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:39.203] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:39.203] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:39.203] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:39.203] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:39.270] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360599269, "module": "anquanchu", "proto": "tls", "alerted": false, 
"details": [{"stime": 1726129599484661, "etime": 1726129599484661, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45862, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:39.270] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:42.306] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24431 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=c9f992741684c6d6792f20e13459da44b6b17d090638bf564c6b7156cda5feb2&X-Amz-Expires=604800&X-Amz-Date=20251210T015641Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:56:42.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:42.306] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:42.306] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:42.306] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:42.306] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:42.306] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:42.372] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 
1, "alert_count": 0, "timestamp": 1765360602371, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129647824887, "etime": 1726129647824887, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56508, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:42.372] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:45.409] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26115 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015644Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d9117b56b75e9bb20f71f903955ae55a724722a8b6c32175fd3a9116d67f4abb"} [2025-12-10 09:56:45.409] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:45.409] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:45.409] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:45.409] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:45.409] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:45.409] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:45.474] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360605474, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130421152591, "etime": 1726130421152591, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33868, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:45.474] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:48.512] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24432 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=976f4f3b12524de38ccd4c15c09481d6cc4d3fdd2f94ae9e46ae16df6efe6d7e&X-Amz-Expires=604800&X-Amz-Date=20251210T015647Z"} [2025-12-10 09:56:48.512] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:48.512] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:48.512] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:48.512] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:48.512] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:48.512] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:56:48.577] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360608577, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130541391931, "etime": 1726130541391931, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51754, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:48.577] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:51.614] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24860 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015651Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e7b5de66081b07e9e392be4c432176b710f998a2d4d21a2ffb82477cc1c6844d"} [2025-12-10 09:56:51.614] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:51.614] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:51.614] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:51.614] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:51.614] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:51.615] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:51.731] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360611731, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129546667192, "etime": 1726129546667192, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58168, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:51.731] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:54.716] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24861 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=bf51f7dd8e11b86a611f606034ba8278c44e9c9233ccf619fd07cf513964ad37&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015654Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:56:54.716] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:54.716] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:56:54.716] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
09:56:54.716] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:54.716] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:54.717] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:54.845] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360614845, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129599418463, "etime": 1726129599418463, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45860, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:54.845] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:56:57.819] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24433 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=43f7408dbbfd14e53a7edcf578309f9618706061616222656e9b7809a04f4be4&X-Amz-Date=20251210T015657Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:56:57.819] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:56:57.819] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib 
[2025-12-10 09:56:57.820] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:56:57.820] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:56:57.820] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:56:57.821] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:56:57.929] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360617929, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129653908234, "etime": 1726129653908234, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36974, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:56:57.929] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:00.921] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24434 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bd1ccd5360fcddcd51025a4beccdab2e3947fee768e2cccb46bff8dadf8af1da&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015700Z"} [2025-12-10 09:57:00.921] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process 
model: 0 [2025-12-10 09:57:00.921] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:00.921] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:00.921] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:00.921] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:00.922] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:01.051] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360621050, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129644682614, "etime": 1726129644682614, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56490, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:01.051] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:04.024] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26116 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=87812dafb39255821eda27146188b10ef57e0a48c99137908330864cb15880c6&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015703Z"} [2025-12-10 09:57:04.024] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:04.024] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:04.024] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:04.024] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:04.024] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:04.025] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:04.152] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360624152, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129647757340, "etime": 1726129647757340, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56494, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:04.152] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:07.126] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24435 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl?X-Amz-Date=20251210T015706Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=97ea1c009596bcfc3a8d6008c08dad7d7baddcb68e81621eb44d3ac5cf6673e6&X-Amz-Expires=604800"} [2025-12-10 09:57:07.126] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:07.126] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:07.127] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:07.127] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:07.127] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:07.127] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:07.253] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360627252, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130503236536, "etime": 1726130503236536, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54360, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:07.253] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:10.229] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24862 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d43e40e59a107b8d0d9fa0108e1cc0f9ac64ea788d985b9a002d2f90359457b7&X-Amz-Expires=604800&X-Amz-Date=20251210T015709Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:10.229] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:10.229] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:10.229] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:10.229] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:10.229] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:10.230] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:10.337] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360630336, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726205275790404, "etime": 1726205275790404, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41524, "dest_port": 443, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 09:57:10.337] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:13.331] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26117 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl?X-Amz-Signature=83410b73cc5798b0ea7b762b21264b96ea34bc24a6a7e3c6e25d5108d42c0ec8&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015712Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:57:13.332] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:13.332] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:13.332] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:13.332] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:13.332] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:13.333] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:13.456] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360633455, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130399636819, "etime": 1726130399636819, "src_ip": "192.168.112.140", 
"dest_ip": "192.168.112.135", "src_port": 47654, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:13.456] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:16.434] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26118 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl?X-Amz-Signature=5c2c1462ea60c3ba12587098b03ff3dc9b494b142740fc50da6b2799be9726b7&X-Amz-Date=20251210T015716Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:57:16.434] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:16.434] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:16.435] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:16.435] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:16.435] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:16.435] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:16.556] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360636555, "module": "anquanchu", "proto": "tls", "alerted": false, 
"details": [{"stime": 1726130553691921, "etime": 1726130553691921, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 32786, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:16.556] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:19.537] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24863 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=78062a0e1c2bb183e3a751b54c60da332de6df0a1684b6497dad7af7e8cc7226&X-Amz-Date=20251210T015719Z"} [2025-12-10 09:57:19.537] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:19.537] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:19.537] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:19.537] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:19.537] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:19.538] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:19.666] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 
1, "alert_count": 0, "timestamp": 1765360639665, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129523172277, "etime": 1726129523172277, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 50518, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:19.666] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:22.639] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24864 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015722Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c769664aea050ace41929fd31fe345ffe71cc6372b9a16f8b050184eaacc9f4f&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:22.640] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:22.640] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:22.640] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:22.640] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:22.640] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:22.641] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:22.767] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360642766, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129527239896, "etime": 1726129527239896, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 50524, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:22.767] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:25.742] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24865 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl?X-Amz-Date=20251210T015725Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=48bc7779a0be6c68009c8ab9f0194254c79722776718c827fb5df5db02087cf2&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:25.742] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:25.742] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:25.742] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:25.742] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:25.742] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:25.743] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 09:57:25.869] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360645868, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129640617536, "etime": 1726129640617536, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35730, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:25.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:28.844] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26119 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5c3b2c2bc32b9c3d2acc49004e92ed230a33584b4579d58a2bf65bda4d946401&X-Amz-Date=20251210T015728Z"} [2025-12-10 09:57:28.844] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:28.844] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:28.845] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:28.845] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:28.845] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 09:57:28.846] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:28.972] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360648972, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308954568900, "etime": 1726308954568900, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43321, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:28.972] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:31.947] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26120 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl?X-Amz-Date=20251210T015731Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=def8f5e8c4e262a08c8e9076bcf041baf331f16504ef15b4d66fac0b0ede97b4&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:31.947] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:31.947] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:31.947] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:31.948] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 09:57:31.948] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:31.948] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:32.056] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360652055, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129540582098, "etime": 1726129540582098, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43414, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:32.056] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:35.049] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24866 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015734Z&X-Amz-Signature=63fdcc87cf474263880ec599d0c821bb2d9bc5a317ceaec7f9e5a9d039e03e82&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:35.050] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:35.050] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:35.050] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:35.050] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:35.050] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:35.050] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:35.169] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360655169, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308782677919, "etime": 1726308782677919, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43316, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:35.169] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:38.152] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26121 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015737Z&X-Amz-SignedHeaders=host&X-Amz-Signature=67d7334b76ecb0633a5aaf950cf3c332f94d3a40120fadc6043e660323ee110d&X-Amz-Expires=604800"} [2025-12-10 09:57:38.152] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:38.152] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 09:57:38.152] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:38.152] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:38.153] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:38.153] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:38.219] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360658219, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308782808555, "etime": 1726308782808555, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43317, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:38.219] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:41.253] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24436 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl?X-Amz-Signature=3d0486c1039dbd52118691b495c773d116667c7dd84d0ebcc96a256bb54c0fb1&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015740Z&X-Amz-Expires=604800"} [2025-12-10 09:57:41.253] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 
09:57:41.253] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:41.253] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:41.253] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:41.253] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:41.254] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:41.319] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360661318, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436113712758, "etime": 1727436113712758, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50555, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:41.319] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:44.357] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24437 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015743Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c0b09cfdb4034881f94708db5eb69ba1d178bba730a56ed2ae5e9c7424010f36"} [2025-12-10 09:57:44.357] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:44.357] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:44.358] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:44.358] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:44.358] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:44.358] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:44.423] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360664423, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625047363652, "etime": 1726625047363652, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53624, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:57:44.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:57:44.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:44.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:57:47.458] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24867 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c7fe9a565b4cb3602474d9d6ebc973d59bca78e7230cded4ab90bd4713b47d28&X-Amz-Date=20251210T015746Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:57:47.458] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:47.458] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:47.458] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:47.458] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:47.458] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:47.459] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:47.527] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360667526, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255542630132, "etime": 1727255542630132, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43063, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:47.527] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:50.560] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26122 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl?X-Amz-Date=20251210T015750Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b59d218db6d904b8adc8053110dfc538e21ba17e9ab9dc1cb1b7ae8b031b7f4f"} [2025-12-10 09:57:50.560] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:50.560] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:50.560] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:50.560] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:50.560] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:50.560] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:50.629] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360670629, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520055539377, "etime": 1727520055539377, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63350, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 09:57:50.629] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:53.661] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24868 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a9cd2f0dd5670e7ee0573fb67a71c66e7d1c324d39238c0bb901014340f71e59&X-Amz-Date=20251210T015753Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:53.661] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:53.661] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:53.661] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:53.661] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:53.661] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:53.661] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:53.728] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360673728, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192517812209, "etime": 1726192517812209, "src_ip": "192.168.52.1", "dest_ip": 
"192.168.52.129", "src_port": 11957, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:57:53.728] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:57:56.764] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24438 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=09101f275d9adf1e4c175908c0cd40ddb3b572dd20eed5808a5ddef462f7de4a&X-Amz-Date=20251210T015756Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:56.764] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:56.764] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:56.764] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:56.764] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:56.764] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:56.764] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:56.830] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360676830, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625050505958, "etime": 
1726625050505958, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53625, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:57:56.830] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:57:56.830] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:56.830] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:57:59.867] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26123 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015759Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=45211be53e428d73c2870f8d9dd6646d2aa2161e954e385eebc69bbdb416674a&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:57:59.867] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:57:59.867] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:57:59.867] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:57:59.868] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:57:59.868] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:57:59.868] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:57:59.987] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360679987, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625085605335, "etime": 1726625085605335, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53642, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:57:59.987] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:57:59.987] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:59.987] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:58:02.968] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24869 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=78f9f782b370848103be9379aba365b4e2370efd5d5ea2cfcc29a1d0c416d7be&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015802Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:58:02.968] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:02.968] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:02.968] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:02.968] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
09:58:02.968] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:02.969] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:03.083] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360683082, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255540318957, "etime": 1727255540318957, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43061, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:03.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:06.072] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26124 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015805Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=08e7c3c15c6dafe9c81387a538d1cc7a1ff3fcca5269d1c03b0abdfbfe5e39ed"} [2025-12-10 09:58:06.072] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:06.072] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:06.072] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:06.073] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:06.073] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:06.074] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:06.212] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360686211, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726624881691309, "etime": 1726624881691309, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53560, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:58:06.212] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:58:06.212] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:06.212] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:58:09.174] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24439 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015808Z&X-Amz-SignedHeaders=host&X-Amz-Signature=ef9a6f288d0c9171faa63489887547e5ca2eb3b3e34be59b4c7bed6397632f7b&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:09.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:09.174] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:09.174] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:09.174] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:09.174] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:09.175] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:09.303] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360689302, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405489398774, "etime": 1727405489398774, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54129, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:09.303] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) 
cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:12.275] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24870 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl?X-Amz-Signature=4070a0dc73f8caa34696891ffb109b5ea061690af19a56919352fabd0a2f9950&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015811Z"} [2025-12-10 09:58:12.275] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:12.275] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:12.275] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:12.275] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:12.275] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:12.276] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:12.404] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360692403, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405538005109, "etime": 1727405538005109, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 36457, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:12.404] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:15.377] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24440 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2041c68b9dc96a8e63c7e965c60f74f365a14395269c864f548aaa84b8a95632&X-Amz-Date=20251210T015814Z"} [2025-12-10 09:58:15.377] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:15.377] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:15.377] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:15.377] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:15.377] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:15.378] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:15.517] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360695516, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405528620810, "etime": 1727405528620810, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 36453, "dest_port": 8080, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 09:58:15.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:18.479] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24441 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T015817Z&X-Amz-Signature=9768e1227656945cd04be065b8a4b104733498b84541a65416af0e0506e003d0&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:18.479] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:18.479] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:18.479] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:18.479] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:18.479] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:18.480] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:18.622] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360698621, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405533370267, "etime": 1727405533370267, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 36455, "dest_port": 
8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:18.622] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:21.580] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24442 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015821Z&X-Amz-Signature=815553d5ea8908caf012d001c479120b2a6e44625084372e7b2b7529ddfcc8fe"} [2025-12-10 09:58:21.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:21.580] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:21.580] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:21.580] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:21.580] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:21.580] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:21.683] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360701682, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405512715624, "etime": 1727405512715624, "src_ip": "192.168.37.1", "dest_ip": 
"192.168.37.136", "src_port": 54138, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:21.683] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:24.681] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24871 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=18fcb8972eddb26101482f6f7bcaf2a74fbc2bf859d8f4eba7e666fdc2cdfb3d&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015824Z"} [2025-12-10 09:58:24.681] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:24.681] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:24.681] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:24.681] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:24.681] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:24.682] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:24.751] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360704750, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405491662221, "etime": 1727405491662221, 
"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54130, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:24.751] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:27.782] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26125 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl?X-Amz-Date=20251210T015827Z&X-Amz-Signature=0cfaf34ed4e7b941ba60cce7c9ec563a90f03ab7eb0ba2b37df496009560ee0b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:58:27.782] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:27.782] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:27.782] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:27.782] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:27.783] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:27.783] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:27.896] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360707895, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 
1727405496157582, "etime": 1727405496157582, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54131, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:27.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:30.884] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24872 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl?X-Amz-Date=20251210T015830Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e79df30339664ce64049dc05697f85ebb2ca794f2765e67d4bc0aa32052f39ec"} [2025-12-10 09:58:30.884] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:30.884] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:30.884] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:30.884] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:30.884] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:30.885] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:31.018] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360711017, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1727405529866272, "etime": 1727405529866272, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 36454, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:31.018] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:33.985] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24873 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl?X-Amz-Date=20251210T015833Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6eccbdda0022eff4795003057631dff8e7007ee1a8f90ef1bc5f59cf7bdaa949"} [2025-12-10 09:58:33.985] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:33.985] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:33.986] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:33.986] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:33.986] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:33.986] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:34.053] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360714052, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405536345005, "etime": 1727405536345005, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 36456, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:34.053] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:37.087] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24443 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=38372f0d428f84153f6ebb4f764a98bc0d59520a452f066128546a2438c8c851&X-Amz-Date=20251210T015836Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:58:37.087] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:37.087] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:37.087] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:37.087] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:37.087] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:37.088] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:37.153] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, 
"alert_count": 0, "timestamp": 1765360717153, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405509216119, "etime": 1727405509216119, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54136, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:37.153] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:40.092] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24444 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f28974872933c395950f3e7c03fd628b4d595a6acc6ef93b535ae67e374cd953&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015839Z"} [2025-12-10 09:58:40.092] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:40.092] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:40.092] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:40.093] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:40.093] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:40.093] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:40.191] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360720190, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193267159595, "etime": 1726193267159595, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13173, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:40.191] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:43.195] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26126 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2ad6c0a6822a571de993cd20fd078474f0ef84fb209ac5b167c399c69254e265&X-Amz-Date=20251210T015842Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:43.195] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:43.195] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:43.195] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:43.195] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:43.195] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:43.196] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
09:58:43.293] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360723292, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625082909964, "etime": 1726625082909964, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53641, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:58:43.293] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:58:43.293] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:43.293] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:58:46.296] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24874 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015845Z&X-Amz-Signature=d8478c770b1c160c3447eceaa83949b442910cc88a25f5cad2323561d69a0cdd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:46.296] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:46.296] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:46.296] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:46.296] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:46.296] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:46.297] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:46.421] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360726421, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405507372722, "etime": 1727405507372722, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54134, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:46.422] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:49.398] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24445 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015848Z&X-Amz-Signature=cab780e536e30befa209edaf98d6aea4155fa46bd5cd8ec5bc936de90aebfe76&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:58:49.398] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:49.398] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:49.398] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 09:58:49.398] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:49.398] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:49.398] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:49.465] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360729464, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405510787455, "etime": 1727405510787455, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54137, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:49.465] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:52.498] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24446 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=480fb63d3866b5501e5d8129288b706e0bb33e086459ab78b92c8b797bad671a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015852Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:52.498] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:52.498] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:52.498] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:52.498] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:52.498] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:52.499] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:52.584] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360732584, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405513528149, "etime": 1727405513528149, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54139, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:52.584] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:55.600] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24447 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015855Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2ac10e196e4f973963f26cd7a907b5bef16a2e8701394925c593470b2db27714"} [2025-12-10 09:58:55.600] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:55.600] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 09:58:55.600] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:55.600] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:55.600] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:55.600] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:55.665] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360735665, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520063799827, "etime": 1727520063799827, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63360, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:55.665] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:58:58.701] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26127 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl?X-Amz-Date=20251210T015858Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6e00a270fe1e45c892ae3717332f99004afad5d28c6122ae2f01ba334542ca69"} [2025-12-10 09:58:58.701] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:58:58.701] 
[INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:58:58.701] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:58:58.702] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:58:58.702] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:58:58.702] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:58:58.785] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360738785, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727254876072015, "etime": 1727254876072015, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55521, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:58:58.785] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:01.802] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24875 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl?X-Amz-Date=20251210T015901Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b1e7250bf77805d4fbce3c3984cc62cc12d4dfff7695728580eafa23a97fe415&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:59:01.802] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:01.802] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:01.802] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:01.803] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:01.803] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:01.803] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:01.882] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360741882, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436128753161, "etime": 1727436128753161, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50573, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:01.882] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:04.903] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24876 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl?X-Amz-Signature=ee1dd6da432ec3993b677ddc2dbb1d76b11f424764249c93f0b2807d1fe215c6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015904Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 
09:59:04.903] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:04.904] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:04.904] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:04.904] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:04.904] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:04.905] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:05.021] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360745020, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405487704534, "etime": 1727405487704534, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54127, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:05.021] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:08.005] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24877 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015907Z&X-Amz-Signature=45652ede8c591583bd0fdf8a78030befb85c8a6dda5884d11b435f64ad36c2ee"} [2025-12-10 09:59:08.006] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:08.006] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:08.006] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:08.006] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:08.006] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:08.007] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:08.114] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360748114, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519466626383, "etime": 1727519466626383, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62816, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:08.114] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:11.106] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[1] at offset 26128 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl?X-Amz-Date=20251210T015910Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=506759048ba5f237aee5d42218d2e9ba05ec5fbe2b5992ba0fa080fe181076d1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:59:11.106] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:11.106] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:11.106] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:11.106] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:11.106] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:11.107] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:11.173] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360751172, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518200548375, "etime": 1727518200548375, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 61698, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:11.173] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:14.210] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24448 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0612d6d8f3fc524a9782f7c47c5ed6315ee5a115969cf0cacf8dbb2e1e0b6bb2&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015913Z"} [2025-12-10 09:59:14.210] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:14.210] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:14.210] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:14.210] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:14.210] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:14.211] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:14.330] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360754329, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1725955229183639, "etime": 1725955229183639, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 21148, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:59:14.330] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:59:14.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:14.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:59:17.313] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24449 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl?X-Amz-Signature=a448674c7895bca188be9b39ee2dac8d0d9a555b6c8d4003c7d8f275e01a1884&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015916Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:59:17.313] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:17.313] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:17.314] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:17.314] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:17.314] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:17.315] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:17.440] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 
1765360757440, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1725955220861005, "etime": 1725955220861005, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 21138, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:59:17.441] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:59:17.441] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:17.441] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:59:20.416] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24450 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015919Z&X-Amz-SignedHeaders=host&X-Amz-Signature=be4e5fcdac83fe8c08723a872a57c66d70f44da8cf646ba7bc1994d1060d15ec"} [2025-12-10 09:59:20.416] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:20.416] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:20.416] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:20.416] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:20.416] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:20.417] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:20.531] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360760531, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405639355442, "etime": 1727405639355442, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40629, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:59:20.531] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:59:20.531] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:20.531] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:59:23.519] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26129 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl?X-Amz-Date=20251210T015922Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1f2b927f8782ceaddc2e2667408434643814625894ad378fc66aa6fc3c3f686e"} [2025-12-10 09:59:23.519] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:23.519] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:23.520] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:23.520] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
09:59:23.520] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:23.521] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:23.603] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360763602, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405641230110, "etime": 1727405641230110, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40631, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:59:23.603] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:59:23.603] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:23.603] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 09:59:26.620] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24878 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015926Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4ebd2ca51ce6ea18c32a357f0a22c4a3ec481cbaac37dd69079f6eebfd63c126"} [2025-12-10 09:59:26.620] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:26.620] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:26.621] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:26.621] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:26.621] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:26.621] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:26.711] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360766711, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520049102346, "etime": 1727520049102346, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63344, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:26.712] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:29.722] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24451 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl?X-Amz-Expires=604800&X-Amz-Signature=b043b24cad1f7c9e5428e7f09bea7cb292ccd6bf1112539b93f54c643bd48b30&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015929Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:59:29.722] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:29.722] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:29.722] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:29.722] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:29.722] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:29.723] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:29.840] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360769840, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518173438205, "etime": 1727518173438205, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 61670, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 09:59:29.840] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:32.823] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24879 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6020e8b0761b05c2fb05e690e901e658cebf6e2acd6b9eaf698324d1a5d20522&X-Amz-Date=20251210T015932Z"} [2025-12-10 09:59:32.823] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:32.823] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:32.823] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:32.823] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:32.823] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:32.824] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:32.939] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360772939, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519453021652, "etime": 1727519453021652, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", 
"src_port": 62800, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:32.939] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:35.926] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26130 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015935Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=e18ff9acd2dafa897582c488996f3e52d33e5030dc47426f5b0228ce04cbdf01"} [2025-12-10 09:59:35.926] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:35.926] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:35.926] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:35.926] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:35.926] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:35.927] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:36.001] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360776001, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018242689356, "etime": 1726018242689356, 
"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11671, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:59:36.001] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:59:36.001] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:36.001] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:59:39.029] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24452 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015938Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=8c4de67864b5ecc817cb141c6fbe86bb8dafefb9b2871f67f9e7e935345e9479&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:59:39.029] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:39.029] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:39.029] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:39.029] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:39.029] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:39.030] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:39.136] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360779136, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405635486957, "etime": 1727405635486957, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40628, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:59:39.136] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:59:39.136] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:39.136] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 09:59:42.130] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24453 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=be309d1b6fcbba3f3301ecdf5b61704f510b49fc96c3297830c9b1e36b5fd033&X-Amz-Date=20251210T015941Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:59:42.130] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:42.130] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:42.130] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:42.130] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
09:59:42.130] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:42.130] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:42.197] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360782196, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727254882593815, "etime": 1727254882593815, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55530, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:42.197] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:45.231] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24454 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015944Z&X-Amz-SignedHeaders=host&X-Amz-Signature=376f2384cbb57aaf0a969527d67ac1c34a38ffee0927bdb37b05c37fa0a61c86&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:59:45.231] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:45.231] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:45.232] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:45.232] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 09:59:45.232] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:45.232] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:45.349] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360785348, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727254862972335, "etime": 1727254862972335, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55491, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:45.349] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:48.332] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26131 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7ea65aae225d7ab8d6d3733a70233a8d6e7bb0c118ff76c33e0269d1accb7b0a&X-Amz-Date=20251210T015947Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:59:48.332] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:48.332] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:48.333] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 09:59:48.333] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:48.333] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:48.334] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:48.465] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360788464, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436110994424, "etime": 1727436110994424, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50552, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:48.465] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:51.434] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26132 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015950Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=fded33803f8bcac323e46a59f3c79cf3b00e325905067a2f48057930c145bab1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:59:51.434] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:51.434] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:51.434] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:51.434] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:51.434] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:51.435] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:51.559] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360791558, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727254864919652, "etime": 1727254864919652, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55495, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:51.559] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:54.535] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24880 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=b16ebe9fba7eb7494f11681690b97252d42e2520c2f6abe86357f2da1c87da13&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015954Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:59:54.535] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:54.535] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 
09:59:54.535] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:54.536] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:54.536] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:54.536] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:54.675] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360794675, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727254887821209, "etime": 1727254887821209, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55543, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 09:59:54.675] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 09:59:57.638] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24881 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl?X-Amz-Date=20251210T015957Z&X-Amz-Signature=b851b8af9630d255d4c3aee6f76ad86db27986dca60aecc32393c8eeaa699864&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:59:57.638] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 09:59:57.638] 
[INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 09:59:57.639] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 09:59:57.639] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 09:59:57.639] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 09:59:57.640] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 09:59:57.762] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360797761, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041626326302, "etime": 1726041626326302, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 40790, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 09:59:57.762] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 09:59:57.762] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:57.762] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:00:00.742] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24882 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020000Z&X-Amz-SignedHeaders=host&X-Amz-Signature=be981baa7ffcae24cc357e73f8f6f1a4dfd0b9cb905fbc98c5011e102814e025&X-Amz-Expires=604800"} [2025-12-10 10:00:00.742] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:00.742] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:00.742] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:00.742] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:00.742] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:00.743] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:00.875] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:09/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360800874, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018536975552, "etime": 1726018536975552, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 12256, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:00:00.875] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:00:00.875] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:00.875] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:00:03.844] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26133 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020003Z&X-Amz-Expires=604800&X-Amz-Signature=e9d901e8f3fc6497f02db637b08ca99a7b3f4235511708a74f8043b33ae8b0c7&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:00:03.844] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:03.844] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:03.844] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:03.844] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:03.844] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:03.845] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:03.970] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360803970, "module": "anquanchu", "proto": 
"tls", "alerted": false, "details": [{"stime": 1726208854103777, "etime": 1726208854103777, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42268, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:03.970] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:06.849] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24883 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl?X-Amz-Expires=604800&X-Amz-Signature=e3c51cdbda0b065b341806138f36910bd4cec875dc39e11fc91291b7640acd1d&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020006Z"} [2025-12-10 10:00:06.849] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:06.849] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:06.849] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:06.849] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:06.849] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:06.851] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:06.926] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 
1765360806926, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127483519962, "etime": 1726127483519962, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52972, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:06.926] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:09.953] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24884 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020009Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c6ca8f2fe79cd2d6288f8e0d17816caac449c192c47d41fe517410e0ade811a7"} [2025-12-10 10:00:09.953] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:09.953] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:09.954] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:09.954] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:09.954] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:09.954] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:10.064] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl|result:{"code": 1, "total_count": 
1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360810064, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727159688509735, "etime": 1727159688509735, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50450, "dest_port": 9443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:00:10.064] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:00:10.064] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:10.064] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:00:13.054] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24455 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020012Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b1bcd23104b906ee9f16d20074caa0e5c6a832a67f3a6b159be91b5bb25d678b&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:00:13.054] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:13.054] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:13.055] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:13.055] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:13.055] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:13.055] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 10:00:13.120] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360813119, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207998860811, "etime": 1726207998860811, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42100, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:13.120] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:16.158] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24456 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c62e891f8e83656dc3a1cfa6c480ff4e652eda3b5ba1d1f009af2bdfbfe80e42&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020015Z&X-Amz-Expires=604800"} [2025-12-10 10:00:16.158] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:16.158] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:16.158] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:16.158] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:16.158] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:16.159] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:16.277] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360816276, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726127473298137, "etime": 1726127473298137, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52799, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:00:16.277] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:00:16.277] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:16.277] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:00:19.261] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26134 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=fedcc0663c4038096684a40ba48ace71f7d3886600a23604204fda322d970c73&X-Amz-Date=20251210T020018Z"} [2025-12-10 10:00:19.261] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:19.261] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:19.261] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:19.261] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:19.261] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:19.262] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:19.376] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360819375, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212721829187, "etime": 1726212721829187, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50131, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:19.376] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:22.362] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26135 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=d1e0d2fe3d7d8e81e821d2920a4260842c7f2eaf9a8b717db20aa264dbbd65cd&X-Amz-Date=20251210T020021Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:00:22.362] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:22.362] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 10:00:22.362] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:22.362] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:22.362] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:22.363] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:22.487] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360822486, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193381483632, "etime": 1726193381483632, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13322, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:22.487] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:25.464] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26136 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl?X-Amz-Signature=3091bfc995ba4ad4100980af3c971b27d3cb16bb482b319af756830e92ad58ab&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020024Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:25.464] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:25.464] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:25.464] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:25.464] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:25.464] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:25.465] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:25.591] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360825591, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127506565947, "etime": 1726127506565947, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 53311, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:25.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:28.569] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24885 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl?X-Amz-Signature=914bfc53036f5e12b4ed6407ff9d9a7e111ce526555e2cdceb237e595c5c7868&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020028Z"} [2025-12-10 10:00:28.569] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:28.569] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:28.569] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:28.569] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:28.569] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:28.570] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:28.664] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360828663, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132120257583, "etime": 1726132120257583, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44854, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:28.664] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:31.671] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24886 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f2325581a20c413e664225f1a38d87699904caac1ff8b4ab7f90ddbf801d8c87&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020031Z"} [2025-12-10 10:00:31.672] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:31.672] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:31.672] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:31.672] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:31.672] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:31.672] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:31.751] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360831750, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132175152807, "etime": 1726132175152807, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44892, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:31.751] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:34.774] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24457 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020034Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=587839ab6f779f17315d0509ddf735cdf81c5da6dd2bc01f6a25336c1541fec7"} [2025-12-10 10:00:34.774] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:34.774] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:34.774] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:34.774] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:34.774] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:34.775] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:34.884] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360834883, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132216248272, "etime": 1726132216248272, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44916, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:34.884] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:37.876] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24458 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=23ad744425fa0046c33b4437c47cefd6f3b6dd2403cde7f534a4572db00ae9a0&X-Amz-Date=20251210T020037Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:37.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:37.876] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:37.877] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:37.877] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:37.877] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:37.878] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:38.005] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360838004, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232128680946, "etime": 1727232128680946, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49246, "dest_port": 51129, "protocol": 
"tls", "result": "Normal"}]} [2025-12-10 10:00:38.005] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:40.979] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24459 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f7acb4386c59787c8172532699422398c397c846263776fa56ecd78db69b3646&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020040Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:40.979] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:40.979] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:40.979] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:40.979] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:40.979] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:40.980] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:41.108] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360841108, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132256077876, "etime": 1726132256077876, "src_ip": 
"192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53340, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:41.108] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:44.081] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24887 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020043Z&X-Amz-Signature=962c2e1125d5463e2207838c51d7bb967be4cdd20ac6b58f73c67ec38d032bcd&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:00:44.081] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:44.081] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:44.081] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:44.081] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:44.081] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:44.082] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:44.190] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360844189, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 
1727405485017759, "etime": 1727405485017759, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:44.190] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:47.181] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26137 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020046Z&X-Amz-SignedHeaders=host&X-Amz-Signature=5b1e480faf031ef219a46639183a37c790e077b0f2ccde2ba5bb31b6c6f8eda1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:00:47.181] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:47.181] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:47.181] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:47.181] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:47.181] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:47.182] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:47.307] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360847307, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1727405487640185, "etime": 1727405487640185, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54126, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:47.307] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:50.283] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24888 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl?X-Amz-Signature=d5f2cc59b3961b58c004f02de0eedc0843002c849c9e4c6751972303adefecc3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020049Z&X-Amz-Expires=604800"} [2025-12-10 10:00:50.283] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:50.283] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:50.283] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:50.283] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:50.283] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:50.284] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:50.368] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360850367, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405489312574, "etime": 1727405489312574, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54128, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:50.368] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:53.385] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24460 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020052Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=3f94563a9229812b858ea796d15706443460014702ba187026ea00e8dee273e6"} [2025-12-10 10:00:53.385] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:53.385] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:53.386] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:53.386] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:53.386] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:53.387] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:53.485] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, 
"normal_count": 1, "alert_count": 0, "timestamp": 1765360853484, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208846205387, "etime": 1726208846205387, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42267, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:00:53.485] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:00:56.487] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26138 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020055Z&X-Amz-Signature=9f337f9eca6a8d35562004ca9c58f11bd3f6b5e14dcf2785c8475608294f9ee8&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:56.487] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:56.487] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:56.488] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:56.488] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:56.488] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:56.488] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:00:56.600] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl|result:{"code": 1, 
"total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360856599, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726127495073869, "etime": 1726127495073869, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 53138, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:00:56.600] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:00:56.600] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:56.600] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:00:59.590] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24889 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl?X-Amz-Date=20251210T020059Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0aae01946b7a4a92818dd9f6bcaee46b80e99e7ea002e443bf77f9945f061058&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:00:59.590] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:00:59.590] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:00:59.590] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:00:59.590] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:00:59.590] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:00:59.591] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 10:00:59.717] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360859717, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727254925517241, "etime": 1727254925517241, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55600, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:00:59.717] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:00:59.717] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:59.717] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:01:02.693] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24461 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=01662dcdd3f975ce2d5ac9df28b58f59d25b33320a2f1e02326e41ed1835fd6d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020102Z&X-Amz-Expires=604800"} [2025-12-10 10:01:02.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:02.693] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:02.693] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 10:01:02.693] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:02.693] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:02.694] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:02.823] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360862823, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208860477707, "etime": 1726208860477707, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42274, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:02.824] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:05.795] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24462 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl?X-Amz-Signature=89f5b37e8603a75801425c0ba086e47c15a394a90c6167851d3572b5c177559f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020105Z"} [2025-12-10 10:01:05.795] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:05.795] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:05.795] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:05.795] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:05.795] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:05.796] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:05.897] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360865896, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208839209384, "etime": 1726208839209384, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42263, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:05.897] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:08.898] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24890 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl?X-Amz-Date=20251210T020108Z&X-Amz-Signature=eadb93ebc8ce42f338ace50ac06cb284a578b087cbd5707bb8064fa5528a9bca&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:01:08.898] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:08.898] [INFO] [tid:127829042783936] 
(AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:08.898] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:08.898] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:08.898] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:08.899] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:09.027] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360869027, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212719767203, "etime": 1726212719767203, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50128, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:09.027] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:12.001] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26139 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ae1c9d8f7be1b28cca4334a52c1e308a852930d523b5204da22ed8fff498e8cf&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020111Z&X-Amz-Expires=604800"} [2025-12-10 10:01:12.001] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) 
process model: 0 [2025-12-10 10:01:12.001] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:12.001] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:12.001] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:12.001] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:12.002] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:12.128] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360872127, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212724889659, "etime": 1726212724889659, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50134, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:12.128] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:15.103] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24891 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020114Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0f9be1a7188524dd966b66be9c760eb3a62916ec8a7601881239a68dba16d72b&X-Amz-Expires=604800"} [2025-12-10 
10:01:15.104] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:15.104] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:15.104] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:15.104] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:15.104] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:15.105] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:15.231] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360875231, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208030347909, "etime": 1726208030347909, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42110, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:15.231] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:18.206] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26140 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d783a6421d739970f571dd618d9e66d0758a8d7625bb15a1c6d913ea780cffac&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020117Z"} [2025-12-10 10:01:18.206] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:18.206] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:18.206] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:18.206] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:18.206] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:18.207] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:18.334] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360878334, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208876045542, "etime": 1726208876045542, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42283, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:18.334] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:21.309] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[1] at offset 26141 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl?X-Amz-Date=20251210T020120Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=bed9e9cd23aaeb04fb0a702c5c81b094a9c7af220fe2934f98b286ab05809030&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:01:21.309] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:21.309] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:21.309] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:21.309] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:21.309] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:21.310] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:21.437] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360881437, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212718733226, "etime": 1726212718733226, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50125, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:21.438] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:24.412] 
[DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24892 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b570ae7507e373f234d50fedf8989749ad537e9ce208323d0264eb2a6db7196c&X-Amz-Date=20251210T020123Z"} [2025-12-10 10:01:24.412] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:24.412] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:24.413] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:24.413] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:24.413] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:24.414] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:24.501] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360884501, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212719751845, "etime": 1726212719751845, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50127, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:24.502] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:27.513] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24893 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl?X-Amz-Signature=0f8d66ec3cd3ab6e64751a39b441fee42e168e625a39e0ec460121c764f3f4f2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020127Z"} [2025-12-10 10:01:27.513] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:27.513] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:27.513] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:27.513] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:27.513] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:27.514] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:27.629] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360887629, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726196747300843, "etime": 1726196747300843, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 58172, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:27.629] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:30.615] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24894 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020130Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=966f91eb67aa72b681b8e30f74f49d2b8d1c79df117687eeefd09ccff38b7f41"} [2025-12-10 10:01:30.615] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:30.615] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:30.616] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:30.616] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:30.616] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:30.617] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:30.748] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360890747, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130506316604, "etime": 1726130506316604, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 
54386, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:30.748] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:33.717] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26142 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=83a2b249130ad429804c6ae6a8f8789a3c9aeaf258b48a7880f91fb6b80d94dd&X-Amz-Date=20251210T020133Z"} [2025-12-10 10:01:33.718] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:33.718] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:33.718] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:33.718] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:33.718] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:33.719] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:33.846] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360893846, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130547610682, 
"etime": 1726130547610682, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51500, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:33.846] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:36.819] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24463 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=753368fb4f4a93797c01804dd1f5ff00fe784109e448e74f06eb20957b9aadd0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020136Z&X-Amz-Expires=604800"} [2025-12-10 10:01:36.819] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:36.819] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:36.820] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:36.820] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:36.820] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:36.821] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:36.950] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360896949, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130601018523, "etime": 1726130601018523, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44042, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:36.950] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:39.922] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24895 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=a037ddc674404e768ab4151c4d244268048e7d9db1b5d9b9c10915b354070c90&X-Amz-Date=20251210T020139Z"} [2025-12-10 10:01:39.922] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:39.922] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:39.922] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:39.922] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:39.922] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:39.923] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:40.039] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl|result:{"code": 0, 
"total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360900039, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129546741149, "etime": 1726129546741149, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58174, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:40.040] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:43.024] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26143 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl?X-Amz-Expires=604800&X-Amz-Signature=f8d3e714fe9e2ff034d477d922e266d8e9f310e76b628a34f5a409f3501be41e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020142Z"} [2025-12-10 10:01:43.024] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:43.024] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:43.024] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:43.024] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:43.024] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:43.025] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:43.149] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360903148, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129605640973, "etime": 1726129605640973, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33074, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:43.149] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:46.126] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24464 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020145Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4d16cc3f9a13797d11d954dba8901f67b3a64bf2fc254ef54b7fd7bcb4be573b"} [2025-12-10 10:01:46.126] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:46.126] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:46.126] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:46.127] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:46.127] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:46.127] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:01:46.254] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360906253, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129657051972, "etime": 1726129657051972, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36992, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:46.254] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:49.229] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26144 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl?X-Amz-Signature=20d360f7188bd0083652ac5944ec9ced1d3cb6e2c4344545871fea1a0936afc2&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020148Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:01:49.229] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:49.229] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:49.229] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:49.229] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:49.230] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:49.230] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:49.361] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360909360, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130427312254, "etime": 1726130427312254, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35960, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:49.361] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:52.331] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26145 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=78185523c3d99147f87c73d257764615b9526487332974f33a1fc6c2d87d6fbd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T020151Z"} [2025-12-10 10:01:52.331] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:52.331] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:52.331] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:52.332] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:52.332] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:52.333] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:52.461] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360912460, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207955701412, "etime": 1726207955701412, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42096, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:52.461] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:55.434] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26146 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020154Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=5a34c2c67cd8b980c95cbbbdad31b9dfa61cb7e92b3e95ef20846d0093b3a473"} [2025-12-10 10:01:55.434] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:55.434] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:01:55.434] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:55.434] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:55.434] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:55.435] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:55.561] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360915561, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212721802468, "etime": 1726212721802468, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50130, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:55.561] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:01:58.536] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24896 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020158Z&X-Amz-Signature=d7861ff588a3dc15d19748f9120098f78ac526d9226da2c322e0897115959c6e"} [2025-12-10 10:01:58.536] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:01:58.536] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 10:01:58.537] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:01:58.537] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:01:58.537] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:01:58.538] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:01:58.667] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360918667, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212841536391, "etime": 1726212841536391, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50185, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:01:58.667] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:01.639] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24897 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=92201736407b72e51b6b1724da4f2347c5fcf04978fc0f3c6fbc84d262e42e66&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020201Z"} [2025-12-10 10:02:01.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 
[2025-12-10 10:02:01.639] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:01.640] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:01.640] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:01.640] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:01.641] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:01.764] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360921764, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212710678781, "etime": 1726212710678781, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50123, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:01.764] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:04.742] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24898 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl?X-Amz-Signature=3672eb3f5cce1b8846f54dca95f3f96235d8985fd9bac0869fbcad4d3b40681a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020204Z&X-Amz-Expires=604800"} [2025-12-10 10:02:04.742] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:04.742] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:04.742] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:04.742] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:04.742] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:04.743] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:04.875] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360924874, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212714709050, "etime": 1726212714709050, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50124, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:04.875] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:07.844] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26147 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl?X-Amz-Date=20251210T020207Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=09671c4f47475906ec6492030d1ce104948a7c6d8ca0d28424f092220f8ace88&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:02:07.844] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:07.844] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:07.845] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:07.845] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:07.845] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:07.845] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:07.923] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360927923, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212720770251, "etime": 1726212720770251, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50129, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:07.923] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:10.947] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[1] at offset 26148 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl?X-Amz-Date=20251210T020210Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=0f0b864ab0828e8ccbc050fc803b38f8b8800059e410d3acaa81fdd7f7b5bd1b&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:10.947] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:10.947] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:10.947] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:10.947] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:10.947] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:10.947] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:11.067] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360931066, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212722835271, "etime": 1726212722835271, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50132, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:11.067] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:14.049] 
[DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24899 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=6757ee403da00e53660c9751a899e6a176265e0a9391040cb5725d69b746bd3b&X-Amz-Date=20251210T020213Z"} [2025-12-10 10:02:14.049] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:14.049] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:14.049] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:14.049] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:14.049] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:14.049] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:14.128] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360934127, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212725906338, "etime": 1726212725906338, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50135, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:14.128] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:17.151] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24465 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020216Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b3b1f0845e52398e014e680f06eb1ba67656a80b8bd86275ddbb3e0abf225e60"} [2025-12-10 10:02:17.151] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:17.151] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:17.151] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:17.151] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:17.151] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:17.152] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:17.252] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360937252, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212727934034, "etime": 1726212727934034, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50137, "dest_port": 51119, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:02:17.252] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:20.253] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26149 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020219Z&X-Amz-Signature=52d41f47d8974d98db04d9d8b2943e05c605bbc626090f6aa093f48830ee093f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:02:20.253] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:20.253] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:20.254] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:20.254] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:20.254] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:20.254] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:20.320] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360940320, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208046965479, "etime": 1726208046965479, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", 
"src_port": 42111, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:20.320] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:23.356] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24466 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020222Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fe7d6b0517f808da2a8433d92de54c79aa74390216ea75850ebfc3bb9074dd15"} [2025-12-10 10:02:23.357] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:23.357] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:23.357] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:23.357] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:23.357] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:23.357] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:23.425] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360943425, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727159698652174, 
"etime": 1727159698652174, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50459, "dest_port": 9443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:02:23.425] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:02:23.425] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:23.425] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:02:26.459] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24900 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl?X-Amz-Signature=3cd8c316e078ff870191a71e3a7ea7753bfd52d8b7fd8fc1cfd806d5b1603424&X-Amz-Date=20251210T020225Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:26.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:26.459] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:26.459] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:26.459] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:26.459] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:26.459] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:26.525] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360946525, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208017477466, "etime": 1726208017477466, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42108, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:26.525] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:29.562] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26150 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020229Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f2f28623b9aa1a12d1aae40b2ad2a619e5bd792eff30b480eda874ef530408f2"} [2025-12-10 10:02:29.562] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:29.562] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:29.562] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:29.562] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:29.562] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:29.563] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
10:02:29.629] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360949629, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208868155326, "etime": 1726208868155326, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42280, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:29.629] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:32.664] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24901 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl?X-Amz-Date=20251210T020232Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=e686251c373f9b0db9648b5b9319f3cb1c2b19bd4b62b14710ce1b23723cf365"} [2025-12-10 10:02:32.664] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:32.664] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:32.664] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:32.664] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:32.664] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:32.665] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:32.729] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360952729, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212718748454, "etime": 1726212718748454, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50126, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:32.729] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:35.864] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24467 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl?X-Amz-Signature=d67a701d8155519eb7667e1f0e5f74b299dbe95ec419b610f7c37fede4a164b8&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020235Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:35.864] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:35.864] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:36.668] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl|result:{"code": 1, "total_count": 12, "abnormal_count": 11, "normal_count": 1, "alert_count": 11, "timestamp": 1765360956668, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800751837711, "etime": 1726800751837711, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51268, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800979479221, "etime": 1726800979479221, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51277, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800736369572, "etime": 1726800736369572, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51267, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800812294590, "etime": 1726800812294590, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51270, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800888157473, "etime": 1726800888157473, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51273, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800827740005, "etime": 1726800827740005, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51271, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800964034758, "etime": 1726800964034758, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51276, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800644346585, "etime": 1726800644346585, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51262, "dest_port": 446, "protocol": "tls", "result": 
"Behinder"}, {"stime": 1726800568894429, "etime": 1726800568894429, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51260, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726800903601288, "etime": 1726800903601288, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51274, "dest_port": 446, "protocol": "tls", "result": "Antsword"}, {"stime": 1726800660429479, "etime": 1726800660429479, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51264, "dest_port": 22, "protocol": "tls", "result": "Normal"}, {"stime": 1726800660944253, "etime": 1726800660944253, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51265, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:02:36.668] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 11|max_alert: 1000 [2025-12-10 10:02:36.668] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:36.668] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:02:38.967] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24468 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020238Z&X-Amz-Signature=73ac1b1ce4c931566a5ce0b346334011e82416d45c9febfb454b472f533b05bb&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:38.967] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:38.967] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:38.967] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:38.967] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:38.967] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:38.967] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:39.036] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360959036, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212726924441, "etime": 1726212726924441, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50136, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:39.036] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:42.069] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24469 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=1fbe57e136610501b3044318340b7cca6aff217bc7ddc615e92e54c2d9627419&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020241Z"} [2025-12-10 10:02:42.069] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:42.069] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:42.069] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:42.069] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:42.069] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:42.070] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:42.187] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360962186, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726205296283007, "etime": 1726205296283007, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41528, "dest_port": 443, "protocol": 
"tls", "result": "Normal"}]} [2025-12-10 10:02:42.187] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:45.173] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24470 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b0e893b160653c56d68a5961251fab01c8df6047205ca5a0e7c43061182d2b6b&X-Amz-Date=20251210T020244Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:45.173] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:45.173] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:45.173] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:45.173] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:45.173] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:45.174] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:45.297] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360965296, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206864375523, "etime": 1726206864375523, "src_ip": "192.168.163.21", "dest_ip": 
"192.168.163.23", "src_port": 41852, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:45.297] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:48.275] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24902 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=eba13c7dcaa327f0ef88a5106b0e41de20b986760b3abb5240ec03ac2ab82d0d&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020247Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:02:48.275] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:48.275] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:48.275] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:48.275] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:48.275] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:48.276] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:48.382] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360968381, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726205265386742, 
"etime": 1726205265386742, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41520, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:48.382] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:51.377] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24471 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=12f722dee71f6704f12b92f9f3e0eb979d1256896d26e3905c39908310321a9b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T020250Z"} [2025-12-10 10:02:51.377] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:51.378] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:51.378] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:51.378] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:51.378] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:51.378] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:51.463] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360971463, "module": 
"anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727159684404287, "etime": 1727159684404287, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50446, "dest_port": 9443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:02:51.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:02:51.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:51.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:02:54.479] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24472 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020253Z&X-Amz-Signature=08bdaafe51d5617b380ead398c05638f02741c4a5f264443c54ba9c0175b9d3a"} [2025-12-10 10:02:54.479] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:54.479] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:54.479] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:54.479] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:54.479] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:54.480] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:02:54.605] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360974605, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232113603216, "etime": 1727232113603216, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49237, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:54.605] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:02:57.583] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24903 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl?X-Amz-Expires=604800&X-Amz-Signature=46cd4a37e0c63aff94e86f858fad2af1f0ca0a18c3f96ccd654748b12e61d2ee&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020257Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:57.583] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:02:57.583] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:02:57.583] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:02:57.583] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:02:57.583] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:02:57.584] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 10:02:57.713] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360977712, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232116613994, "etime": 1727232116613994, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49238, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:02:57.713] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:00.685] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26151 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=94233c18caae66f3f05387860b0e6c074d2e39fd6fa94340ad88e8f3191bd12a&X-Amz-Date=20251210T020300Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:03:00.685] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:00.685] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:00.685] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:00.685] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:00.685] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 10:03:00.686] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:00.808] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360980808, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232128663205, "etime": 1727232128663205, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49245, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:00.808] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:03.788] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24904 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl?X-Amz-Date=20251210T020303Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b47d03dc2f84c9d0fa3d604227cbdf617877af8602438a5786c39141c29febc4"} [2025-12-10 10:03:03.788] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:03.788] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:03.788] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:03.788] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:03:03.788] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:03.789] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:03.854] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360983853, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232131674752, "etime": 1727232131674752, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49247, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:03.854] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:06.890] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24473 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl?X-Amz-Date=20251210T020306Z&X-Amz-SignedHeaders=host&X-Amz-Signature=4f9df9d3d6da7c476f7bc57c44289503f0755ce84a1469559e9a40a98bd81b62&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:03:06.890] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:06.890] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:06.891] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:06.891] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:06.891] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:06.891] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:06.955] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765360986955, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726212723856379, "etime": 1726212723856379, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50133, "dest_port": 51119, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:03:06.955] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:03:06.955] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:06.955] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:03:09.993] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24474 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=e9c58b0da730562805a7e189de1a91b496ac354461d3b5b0e0e4b2e719553054&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020309Z"} [2025-12-10 10:03:09.993] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:09.993] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:09.993] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:09.993] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:09.993] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:09.993] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:10.058] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360990057, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232122650773, "etime": 1727232122650773, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49243, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:10.058] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:13.097] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24905 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020312Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7c9fef553c92ebfcbe0c4e13469a460281dff30334b37e10d95386a6b1fdf099&X-Amz-SignedHeaders=host"} [2025-12-10 10:03:13.097] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:13.097] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:13.097] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:13.097] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:13.097] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:13.097] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:13.162] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360993162, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726207974531385, "etime": 1726207974531385, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42099, "dest_port": 443, "protocol": 
"tls", "result": "Normal"}]} [2025-12-10 10:03:13.162] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:16.199] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24475 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl?X-Amz-Date=20251210T020315Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9851b56475dc78e08ce39b332236f68c14772441f60d608cf46ebc731d431990"} [2025-12-10 10:03:16.199] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:16.199] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:16.200] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:16.200] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:16.200] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:16.200] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:16.314] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360996314, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232119625195, "etime": 1727232119625195, "src_ip": "192.168.112.141", 
"dest_ip": "192.168.112.140", "src_port": 49240, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:16.314] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:19.301] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24906 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e3644d5246cd27764ca527fb1e2127641657b84030d18c9f3c2c6eae7a9760cd&X-Amz-Date=20251210T020318Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:03:19.301] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:19.301] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:19.301] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:19.301] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:19.301] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:19.302] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:19.433] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765360999433, "module": "anquanchu", "proto": "tls", "alerted": false, "details": 
[{"stime": 1727232134686353, "etime": 1727232134686353, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49249, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:19.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:22.403] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26152 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020321Z&X-Amz-Expires=604800&X-Amz-Signature=2ef62542b1d382501171b1c2b5833934b8fdffcbe0e3f932718e7f98a219034b&X-Amz-SignedHeaders=host"} [2025-12-10 10:03:22.403] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:22.403] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:22.404] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:22.404] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:22.404] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:22.405] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:22.531] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361002530, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206680103509, "etime": 1726206680103509, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41823, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:22.531] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:25.506] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24907 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020324Z&X-Amz-Signature=671968c61e82119c8561f44ee37a5fea8ffef053e5f67301722d6369c5c4b8c9"} [2025-12-10 10:03:25.506] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:25.506] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:25.507] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:25.507] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:25.507] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:25.508] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:25.639] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361005638, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232109592276, "etime": 1727232109592276, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49236, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:25.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:28.609] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26153 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020328Z&X-Amz-SignedHeaders=host&X-Amz-Signature=a2dd5b7c1ab3a00cdab3ce152e2bf5373bbcea4610bf0e1189e2cba294890f68&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:03:28.609] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:28.609] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:28.609] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:28.609] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:28.609] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:28.610] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:28.737] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361008737, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232137698976, "etime": 1727232137698976, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49251, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:28.737] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:31.711] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24908 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020331Z&X-Amz-Signature=8759a7c47f6888de383a00aa500431048c5be7a292e50460826cd45ff1c00d0e&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:03:31.711] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:31.711] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:31.711] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:31.711] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:31.711] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:31.712] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 10:03:31.838] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361011837, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727231967331218, "etime": 1727231967331218, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49197, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:31.838] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:34.813] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24909 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5037669880e94a5552ede240bac0e3caa69e7171cb52229cd6cb54d13ba5e04b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020334Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:03:34.814] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:34.814] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:34.814] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:34.814] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:34.814] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
10:03:34.815] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:34.944] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361014943, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727231975365309, "etime": 1727231975365309, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49199, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:34.944] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:37.916] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24910 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl?X-Amz-Date=20251210T020337Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=832a67121cfd09e42cd8be384d62f46cc6b9fba73f35ff352948217a3ab63a81"} [2025-12-10 10:03:37.917] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:37.917] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:37.917] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:37.917] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:37.917] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:37.918] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:38.026] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361018026, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232119639666, "etime": 1727232119639666, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49241, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:38.026] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:41.019] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24911 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a223f004e1530bfae4093d424872ffa37f6a4b87b6a008fb715f56f2375b0fac&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020340Z"} [2025-12-10 10:03:41.019] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:41.019] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:41.019] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:41.019] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:41.019] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:41.020] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:41.140] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361021139, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232131688173, "etime": 1727232131688173, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49248, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:41.140] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:44.121] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26154 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl?X-Amz-Date=20251210T020343Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=e0ca5b1abf76ce6e0d27f3089940c868294a17319a9d6cddcb4bdbf1baa0dd5f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:03:44.121] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:44.121] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:44.121] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:44.121] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:44.121] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:44.122] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:44.248] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361024248, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159697585727, "etime": 1727159697585727, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50458, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:44.248] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:47.223] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26155 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl?X-Amz-Signature=9813c66620c5b47e503da53edf866a6de2bca05993e5997bd322adfa95cd60d9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020346Z&X-Amz-Expires=604800"} [2025-12-10 10:03:47.224] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:47.224] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:47.224] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:47.224] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:47.224] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:47.225] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:47.365] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361027364, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159723824752, "etime": 1727159723824752, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50482, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:47.365] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:50.325] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26156 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020349Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=aa24d3a6c9711dea1b74c330e27b3e3bc4541d29ce676fab7e5689df8e5ff29d"} [2025-12-10 10:03:50.326] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:50.326] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:50.326] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:50.326] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:50.326] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:50.327] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:50.421] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361030421, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232116628907, "etime": 1727232116628907, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49239, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:50.421] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:53.428] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24476 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl?X-Amz-Expires=604800&X-Amz-Signature=a2cb6adc98f89ee8349f5f30e42da147f7aa665dbffc03d139b7686c404f02a6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020352Z"} [2025-12-10 10:03:53.428] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:53.428] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:53.428] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:53.428] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:53.428] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:53.429] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:53.509] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361033508, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232134699906, "etime": 1727232134699906, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49250, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:53.509] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:03:56.530] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message 
in-> topic:analyzed_queue_cnn partition:[2] at offset 24477 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020356Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3a8ce9adb71127fd089767710387634e22fc87edcdb77b00db8ab4fe3c61e10f"} [2025-12-10 10:03:56.530] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:56.531] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:56.531] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:56.531] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:56.531] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:56.532] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:56.610] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361036609, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159687117391, "etime": 1727159687117391, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50449, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:56.610] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 
10:03:59.634] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24478 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=19f781aa1ea88ac5f73bfd3a164e85be26424864401a540f5d5adbb90a1c3bf5&X-Amz-Expires=604800&X-Amz-Date=20251210T020359Z"} [2025-12-10 10:03:59.634] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:03:59.634] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:03:59.634] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:03:59.634] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:03:59.634] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:03:59.635] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:03:59.752] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361039751, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159714527655, "etime": 1727159714527655, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50473, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:03:59.752] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:02.735] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24912 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020402Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ebed5c7eda3278239ab9d519ad98f5645d995a07bff1ebd8b567c8c428865549"} [2025-12-10 10:04:02.736] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:02.736] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:02.736] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:02.736] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:02.736] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:02.737] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:02.869] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361042868, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232105581000, "etime": 1727232105581000, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49235, "dest_port": 
51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:02.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:05.838] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24479 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020405Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c511a607a3a8009bb999902b9d3f489a97fa986cef28eab93b499583879ecb6d&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:04:05.838] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:05.838] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:05.838] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:05.838] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:05.838] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:05.839] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:05.969] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361045968, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232122636829, "etime": 1727232122636829, "src_ip": 
"192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49242, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:05.969] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:08.940] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26157 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d0eee9e9dc6536e184edb5cc07a5c6dbed974f0a2708c031d3c31145caad57bd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020408Z"} [2025-12-10 10:04:08.940] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:08.940] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:08.941] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:08.941] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:08.941] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:08.941] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:09.078] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361049078, "module": "anquanchu", "proto": "tls", "alerted": 
false, "details": [{"stime": 1727159736477442, "etime": 1727159736477442, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50495, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:09.078] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:12.043] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24913 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020411Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2a0252ce08c3711e427a185b69e9ee7d4f26f497afcd216660196b3b7db785f9"} [2025-12-10 10:04:12.043] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:12.043] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:12.043] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:12.043] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:12.043] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:12.044] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:12.155] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361052155, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726127488199764, "etime": 1726127488199764, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 52985, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:12.156] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:15.144] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24914 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020414Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7f6f6efb2232ded3bd5e11ae179472b0481c6d6b499afdf41e999dc518cd4ef0"} [2025-12-10 10:04:15.144] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:15.144] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:15.144] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:15.145] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:15.145] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:15.145] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:15.274] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, 
"alert_count": 0, "timestamp": 1765361055273, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726644233062389, "etime": 1726644233062389, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62621, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:15.274] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:18.247] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24480 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=46440b387b7a0f27a464a2e7068155cd2c846a21854f1a05d15a934a6bb0c199&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020417Z&X-Amz-Expires=604800"} [2025-12-10 10:04:18.247] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:18.247] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:18.248] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:18.248] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:18.248] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:18.249] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:18.379] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361058378, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232101568994, "etime": 1727232101568994, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49234, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:18.379] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:21.350] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26158 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020420Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f4aa4175234d3983bd0e131d9d39f5569b4f7f52332a79db3839acb9a1701b05"} [2025-12-10 10:04:21.350] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:21.350] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:21.350] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:21.350] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:21.350] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:21.350] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 10:04:21.447] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361061447, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232125648719, "etime": 1727232125648719, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49244, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:21.447] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:24.452] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24481 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl?X-Amz-Signature=9c687bd41a438a4875519e8b3ea6688ea8e5e36df6500cb7cf91a020e27c990c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020423Z"} [2025-12-10 10:04:24.452] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:24.452] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:24.452] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:24.452] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:24.452] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 10:04:24.453] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:24.550] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361064549, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726205304718263, "etime": 1726205304718263, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41529, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:24.550] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:27.553] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24482 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl?X-Amz-Date=20251210T020427Z&X-Amz-Expires=604800&X-Amz-Signature=94f9857955dfd9201199ca81d500e4286bd2948d8a2486a664e453707becd76b&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:04:27.553] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:27.553] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:27.553] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:27.553] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:27.553] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:27.554] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:27.672] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361067671, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518163289887, "etime": 1727518163289887, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 61661, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:27.672] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:30.655] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24915 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=600ec7fc8e69ccdc7c26bfa2773935cf4e14cecd3f6105fc818cf4f65b7b5b57&X-Amz-Date=20251210T020430Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:04:30.656] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:30.656] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:30.656] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:30.656] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:30.656] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:30.657] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:30.780] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361070779, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159685978431, "etime": 1727159685978431, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50448, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:30.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:33.759] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24483 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e329e78443ffe6bb9e8440ed92f0ff97709f1d9ef4ca68f07be515cc058db237&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020433Z"} [2025-12-10 10:04:33.759] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:33.759] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:33.759] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:33.759] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:33.759] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:33.760] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:33.838] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361073838, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159689644836, "etime": 1727159689644836, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50451, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:33.838] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:36.863] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26159 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl?X-Amz-Expires=604800&X-Amz-Signature=5e314af6114ddaa5cfc8fcfae7a67a7951ef4f7b2d27c55829118b99fad755a3&X-Amz-Date=20251210T020436Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:04:36.863] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:36.863] [INFO] [tid:127829042783936] (AiModule.cpp:10) 
load so_code_cnn.so lib [2025-12-10 10:04:36.863] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:36.863] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:36.863] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:36.864] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:36.930] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361076930, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159690767728, "etime": 1727159690767728, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50452, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:36.930] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:39.965] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26160 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl?X-Amz-Signature=48e67ac03f32f7e1d4a43874a74c3c17615292e5d4ae5ebf48d99421614f7418&X-Amz-Date=20251210T020439Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:04:39.965] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process 
model: 0 [2025-12-10 10:04:39.965] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:39.965] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:39.965] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:39.965] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:39.966] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:40.086] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361080085, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159691906984, "etime": 1727159691906984, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50453, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:40.086] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:43.068] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24484 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl?X-Amz-Date=20251210T020442Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0cce2d960454b317fc422972a71fc62349831f1ff22304735aa7eb0344e6c91a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} 
[2025-12-10 10:04:43.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:43.068] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:43.068] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:43.068] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:43.068] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:43.069] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:43.192] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361083191, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159693045182, "etime": 1727159693045182, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50454, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:43.192] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:46.170] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26161 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020445Z&X-Amz-Signature=d01f44cc9f5529d32be2b23393a85f69a2262852a62235691d5a64978e4d9bd2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:04:46.170] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:46.170] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:46.170] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:46.170] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:46.170] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:46.171] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:46.295] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361086295, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159694168659, "etime": 1727159694168659, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50455, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:46.295] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:49.273] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message 
in-> topic:analyzed_queue_cnn partition:[2] at offset 24485 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020448Z&X-Amz-Signature=01fca8ada85c9124236e7aa99457ff8056c8bd496eb25161d653f7eb0eb46ae1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:04:49.273] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:49.274] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:49.274] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:49.274] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:49.274] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:49.275] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:49.400] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361089399, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159695308151, "etime": 1727159695308151, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50456, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:49.400] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 
10:04:52.375] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26162 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4062431fc45d3c56f886868699d2b3b319620ede4f1fdf64822d3ef25d61a929&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020451Z"} [2025-12-10 10:04:52.375] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:52.375] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:52.375] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:52.375] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:52.375] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:52.376] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:52.458] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361092457, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159696446756, "etime": 1727159696446756, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50457, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:52.458] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:55.478] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24916 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl?X-Amz-Signature=6b8106004e607b4684da4d7e87feebe89e1175db403b1f55efd39f44a925e978&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020454Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:04:55.478] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:55.478] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:55.478] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:55.478] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:55.478] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:55.479] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:55.545] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361095544, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159699785755, "etime": 1727159699785755, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50460, "dest_port": 
9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:55.545] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:04:58.580] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24486 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=929bada477668463dd93c84bce8de951cad73d7862e99927d53e7565a6d95ec8&X-Amz-Date=20251210T020458Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:04:58.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:04:58.580] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:04:58.580] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:04:58.580] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:04:58.580] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:04:58.581] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:04:58.650] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361098649, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159700923084, "etime": 1727159700923084, "src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50461, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:04:58.650] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:01.682] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24487 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2a8773bc0a9b705f9b3f0e50c9449eada77c410d3773cec2b972439049cd1564&X-Amz-Date=20251210T020501Z"} [2025-12-10 10:05:01.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:01.682] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:01.682] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:01.682] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:01.682] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:01.683] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:01.798] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361101797, "module": "anquanchu", "proto": "tls", "alerted": false, 
"details": [{"stime": 1727159702046585, "etime": 1727159702046585, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50462, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:01.798] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:04.784] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24488 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=942a58ab30024e512fcb3eb93e763343e3a930f77c8e1baa289da888178e2e11&X-Amz-Date=20251210T020504Z"} [2025-12-10 10:05:04.784] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:04.784] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:04.784] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:04.784] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:04.784] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:04.785] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:04.900] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, 
"timestamp": 1765361104900, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159703185523, "etime": 1727159703185523, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50463, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:04.900] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:07.887] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26163 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl?X-Amz-Date=20251210T020507Z&X-Amz-Signature=0f17d73c6fe41986666b7891d930d615bca1da7bcb809111303a201a080b6ad6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:07.887] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:07.887] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:07.887] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:07.887] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:07.887] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:07.888] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:07.979] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl|result:{"code": 0, 
"total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361107979, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159704324389, "etime": 1727159704324389, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50464, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:07.979] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:10.989] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26164 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl?X-Amz-Date=20251210T020510Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f5e9497e4e4568688d7683faf14495c1d848ce5f5a8edd87175d607633089a48&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:10.989] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:10.989] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:10.989] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:10.989] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:10.989] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:10.990] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:11.104] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361111104, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159705462830, "etime": 1727159705462830, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50465, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:11.104] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:14.091] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24489 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl?X-Amz-Date=20251210T020513Z&X-Amz-Expires=604800&X-Amz-Signature=5ab41c025501dc17fbb953b26eadd1ec018210ea7870588381eed0721f392368&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:14.091] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:14.091] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:14.091] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:14.091] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:14.091] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:14.091] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 10:05:14.190] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361114190, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159706602484, "etime": 1727159706602484, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50466, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:14.190] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:17.194] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26165 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl?X-Amz-Signature=c19a8b1d631ed7e29e84a81b4c3e62fd2b738e44eddcd032a5cbd7237bffff42&X-Amz-Date=20251210T020516Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:05:17.194] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:17.194] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:17.194] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:17.194] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:17.194] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 10:05:17.194] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:17.272] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361117272, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159707740555, "etime": 1727159707740555, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50467, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:17.272] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:20.296] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24490 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl?X-Amz-Date=20251210T020519Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9f2037d204a2c2912e26c4a31efa44c122d4a2388a65a5efeee17d2ffe014421&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:20.296] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:20.296] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:20.296] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:20.296] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:05:20.296] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:20.297] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:20.409] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361120408, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159708879774, "etime": 1727159708879774, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50468, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:20.409] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:23.398] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24491 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=7224dfe49f7cef22ff1c7012f15f021546da48a69caa262d4c5872cc0def6b5c&X-Amz-Date=20251210T020522Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:23.398] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:23.398] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:23.398] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
10:05:23.398] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:23.398] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:23.399] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:23.522] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361123522, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159710002755, "etime": 1727159710002755, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50469, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:23.522] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:26.500] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24917 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl?X-Amz-Date=20251210T020525Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=64fd68a33562a9808104b73496d0ef5d3b3df558254af5e5ca62bab2abe59c4e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:05:26.500] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:26.500] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:26.500] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:26.500] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:26.500] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:26.501] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:26.575] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361126574, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159711127348, "etime": 1727159711127348, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50470, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:26.575] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:29.604] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24492 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl?X-Amz-Signature=dfff387384fb7b818c469e64dbb8b5457c25ca794e8d35120dd8ba80c5656756&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020529Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:29.604] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:29.605] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:29.605] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:29.605] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:29.605] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:29.605] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:29.672] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361129672, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159712264573, "etime": 1727159712264573, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50471, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:29.672] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:32.708] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26166 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020532Z&X-Amz-Signature=d2fb0d93cb85769febeec89d8f3a2835c4a83608dba99dd9c8c13c7a3c63fb0c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:32.708] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:32.708] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:32.709] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:32.709] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:32.709] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:32.709] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:32.774] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361132774, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159713388064, "etime": 1727159713388064, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50472, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:32.774] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:35.810] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24918 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=fd1f42d2e76161e574d3b434e4b97ffc409b68bcb3923970ea3cac77c035bfb6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020535Z&X-Amz-Expires=604800"} [2025-12-10 10:05:35.810] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:35.810] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:35.811] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:35.811] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:35.811] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:35.811] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:35.876] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361135876, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159715806939, "etime": 1727159715806939, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50475, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:35.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:38.913] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message 
in-> topic:analyzed_queue_cnn partition:[0] at offset 24919 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl?X-Amz-Signature=66c5bf560aff601da29618e6b452bfc99e612b0ef244a094202cc694a413333e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020538Z"} [2025-12-10 10:05:38.913] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:38.913] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:38.914] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:38.914] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:38.914] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:38.914] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:38.989] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361138989, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159716945137, "etime": 1727159716945137, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50476, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:38.989] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 
10:05:42.016] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24493 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl?X-Amz-Expires=604800&X-Amz-Signature=20ee7684e087378cca1ebec90b5da247218c7a1ef8a759678de9a6171a681f94&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020541Z"} [2025-12-10 10:05:42.016] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:42.016] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:42.017] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:42.017] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:42.017] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:42.017] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:42.082] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361142081, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159718067988, "etime": 1727159718067988, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50477, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:42.082] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:45.119] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24494 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=359fd4c90df6c2621686a57d40ff7df9e06bcc7951b9600e9e39950bf34f6d7b&X-Amz-Expires=604800&X-Amz-Date=20251210T020544Z"} [2025-12-10 10:05:45.119] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:45.119] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:45.119] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:45.119] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:45.119] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:45.120] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:45.185] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361145185, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159719222201, "etime": 1727159719222201, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50478, "dest_port": 
9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:45.185] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:48.221] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26167 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=8c482d5a54b1eb9b5ad469f6444b49da0af64c845d936401ce6e607a4ff67c7c&X-Amz-Date=20251210T020547Z"} [2025-12-10 10:05:48.222] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:48.222] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:48.222] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:48.222] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:48.222] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:48.222] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:48.287] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361148287, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159720377717, "etime": 1727159720377717, "src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50479, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:48.287] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:51.323] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24920 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=eb688581e73a6bc3699fc58e3ab4d5a9d2a6e9f5779eeb2b1055f6d7696c9740&X-Amz-Date=20251210T020550Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:05:51.323] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:51.323] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:51.323] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:51.323] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:51.323] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:51.324] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:51.389] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361151389, "module": "anquanchu", "proto": "tls", "alerted": false, 
"details": [{"stime": 1727159721547155, "etime": 1727159721547155, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50480, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:51.389] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:05:54.515] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24921 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl?X-Amz-Signature=20c8e68114fc600062d386a9473455b49fb043e819380e58f42d6d4491e9d8a8&X-Amz-Date=20251210T020554Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:54.515] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:54.515] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:54.516] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:54.516] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:54.516] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:54.516] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:55.398] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl|result:{"code": 1, "total_count": 12, "abnormal_count": 11, "normal_count": 1, "alert_count": 11, "timestamp": 1765361155398, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796767859603, "etime": 1726796767859603, "src_ip": 
"192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51158, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796372166386, "etime": 1726796372166386, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51142, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796463705132, "etime": 1726796463705132, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51146, "dest_port": 22, "protocol": "tls", "result": "Normal"}, {"stime": 1726796707365874, "etime": 1726796707365874, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51156, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726796555607769, "etime": 1726796555607769, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51150, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796631511396, "etime": 1726796631511396, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51153, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796691923763, "etime": 1726796691923763, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51155, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796616036795, "etime": 1726796616036795, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51152, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796447607414, "etime": 1726796447607414, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51144, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1726796464731835, "etime": 1726796464731835, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51147, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796540166380, "etime": 1726796540166380, "src_ip": "192.168.126.139", "dest_ip": 
"192.168.126.132", "src_port": 51149, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726796783315699, "etime": 1726796783315699, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51159, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:05:55.398] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 11|max_alert: 1000 [2025-12-10 10:05:55.398] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:55.398] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:05:57.617] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24922 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=8ce4346f5278320407600fa5c19b7d11a2125880e73e7d45bfaa8d8c643bd466&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020557Z"} [2025-12-10 10:05:57.617] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:05:57.617] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:05:57.617] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:05:57.617] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:05:57.617] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:05:57.618] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:05:57.719] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361157718, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159722687145, "etime": 1727159722687145, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50481, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:05:57.719] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:00.720] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26168 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl?X-Amz-Signature=c31dd373aaf29cc37eb1472756dc50e6a5ca7cc020f973e60df54bfd4680fc1f&X-Amz-Expires=604800&X-Amz-Date=20251210T020600Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:00.720] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:00.720] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:00.721] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:00.721] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:00.721] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:00.722] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:00.853] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361160853, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159725135017, "etime": 1727159725135017, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50484, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:00.853] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:03.822] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24923 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl?X-Amz-Date=20251210T020603Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=81d026b4b1acfdab71b6e73afae17a16d2f4702faecc019a2c1a63ab7f2b4c8c"} [2025-12-10 10:06:03.822] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:03.822] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:03.822] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:03.822] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:03.822] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:03.823] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:03.949] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361163948, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159726274300, "etime": 1727159726274300, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50485, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:03.949] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:06.925] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26169 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=56eb404044d5cf3930249fa6c4f834776211721e58a0a774c44071bba3d842c5&X-Amz-Date=20251210T020606Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:06.925] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:06.925] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:06.925] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:06.925] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:06.925] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:06.926] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:07.056] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361167055, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159727397092, "etime": 1727159727397092, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50486, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:07.056] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:10.027] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26170 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020609Z&X-Amz-Signature=68c1a32e6bc9052bf3ce4f325cdfaa7c7b6014cba9c3323b26fc3a2d35184663"} [2025-12-10 10:06:10.028] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:10.028] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:10.028] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:10.028] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:10.028] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:10.029] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:10.113] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361170112, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159728536281, "etime": 1727159728536281, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50487, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:10.113] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:13.129] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24924 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl?X-Amz-Signature=0eea1970cc6c9ece4e9b61ee9522cf66c70fef973b163f770643947bafd7086c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020612Z"} [2025-12-10 10:06:13.129] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:13.129] [INFO] [tid:127829042783936] (AiModule.cpp:10) 
load so_code_cnn.so lib [2025-12-10 10:06:13.129] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:13.129] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:13.129] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:13.130] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:13.254] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361173253, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159729675095, "etime": 1727159729675095, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50488, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:13.254] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:16.232] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24495 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020615Z&X-Amz-Signature=656faf7d31d512425e616b720b278fa4f5f0757ca5c52732d452578cd462d8b8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:16.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process 
model: 0 [2025-12-10 10:06:16.232] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:16.232] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:16.233] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:16.233] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:16.233] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:16.362] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361176362, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159730813196, "etime": 1727159730813196, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50489, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:16.362] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:19.334] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24496 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020618Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6b080745e094896522f026aef3b01f3dd662986d8e4f2d0db23f3b43993457dc&X-Amz-SignedHeaders=host"} 
[2025-12-10 10:06:19.335] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:19.335] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:19.335] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:19.335] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:19.335] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:19.336] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:19.459] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361179458, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159731936760, "etime": 1727159731936760, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50490, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:19.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:22.437] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24925 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020621Z&X-Amz-Expires=604800&X-Amz-Signature=c89fea16ef930f1a6eca3f9e4721ec69233783bbceb879604b9972201f9c8a5f"} [2025-12-10 10:06:22.437] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:22.437] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:22.437] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:22.438] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:22.438] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:22.438] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:22.504] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361182503, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159733075751, "etime": 1727159733075751, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50491, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:22.504] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:25.540] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message 
in-> topic:analyzed_queue_cnn partition:[1] at offset 26171 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=e124f2611e12ec475d20f1eedd56163473b76a05f1b0ddaa4fdd79e5dd1e3814&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020625Z"} [2025-12-10 10:06:25.541] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:25.541] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:25.541] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:25.541] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:25.541] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:25.542] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:25.655] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361185654, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159734214305, "etime": 1727159734214305, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50492, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:25.655] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 
10:06:28.643] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24497 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b48f244c91692b8d71b7bda36ad200b58a9e770b19e5456b7c2b684c12e3619b&X-Amz-Date=20251210T020628Z"} [2025-12-10 10:06:28.643] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:28.643] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:28.643] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:28.643] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:28.643] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:28.644] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:28.770] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361188769, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159735353447, "etime": 1727159735353447, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50493, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:28.770] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:31.745] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24498 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl?X-Amz-Signature=e307de7bf84ea6a4f1935f2b00453ba17dea1af75152ec0a034720a23ae6ab90&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020631Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:31.746] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:31.746] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:31.746] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:31.746] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:31.746] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:31.747] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:31.865] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361191864, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159714668711, "etime": 1727159714668711, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50474, "dest_port": 
9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:31.865] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:34.848] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24926 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020634Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ca0360a6ddf7e948ca42d316205e388de71c70f1d3823d1d0ce7f77c15641a34"} [2025-12-10 10:06:34.848] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:34.848] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:34.848] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:34.848] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:34.848] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:34.849] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:34.980] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361194980, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727159724002024, "etime": 1727159724002024, "src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50483, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:34.981] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:37.951] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24499 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl?X-Amz-Date=20251210T020637Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a08c3e4febc028e9c13eaed66f0b26bbb81e66491bb19af6c413968f6e7f001f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:06:37.951] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:37.951] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:37.951] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:37.951] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:37.951] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:37.952] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:38.081] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361198081, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1726130503165571, "etime": 1726130503165571, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54358, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:38.081] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:41.053] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24927 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=1027284f219cb2fa322244dddf6421f27a2925ea5a4e86a477913ad57f8d6ce3&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020640Z"} [2025-12-10 10:06:41.053] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:41.053] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:41.053] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:41.053] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:41.053] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:41.054] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:41.181] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, 
"timestamp": 1765361201180, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208586651410, "etime": 1726208586651410, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42210, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:41.181] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:44.156] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24928 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl?X-Amz-Signature=c9b1d04a3cd4a19894c89e6d2f51c0b9687b85b6eab6c7ca9b94f2bb27764e17&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020643Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:44.156] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:44.156] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:44.156] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:44.156] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:44.156] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:44.157] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:44.281] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl|result:{"code": 1, "total_count": 1, 
"abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361204281, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726624870646485, "etime": 1726624870646485, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53555, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:06:44.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:06:44.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:44.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:06:47.258] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24929 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020646Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=90784b773fac1dbdff9221a83dda76f7572619a3b345178f53f4b1e8a546a512"} [2025-12-10 10:06:47.258] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:47.258] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:47.259] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:47.259] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:47.259] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:47.260] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:06:47.387] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361207386, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132117120758, "etime": 1726132117120758, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44848, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:47.387] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:50.360] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24930 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl?X-Amz-Date=20251210T020649Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f14184e97571aeb8c34d352f7853595d274bb68e5f226f8e2279e64e7209eccc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:06:50.360] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:50.360] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:50.360] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:50.360] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:50.360] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:50.361] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:50.491] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361210491, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132120173753, "etime": 1726132120173753, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44852, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:50.491] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:53.463] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24500 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=7c8c0065fa91b9d64891b1739e270cfce711bee31cef8d61c79405b9c518d435&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020652Z"} [2025-12-10 10:06:53.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:53.463] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:53.463] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
10:06:53.463] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:53.463] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:53.464] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:53.589] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361213589, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132168993637, "etime": 1726132168993637, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44884, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:53.589] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:56.565] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26172 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020656Z&X-Amz-SignedHeaders=host&X-Amz-Signature=1f7aa43a03fe860ba7ff6c9c7b0e4330e19bf6ccbc98825dbbd9c88a90731be6&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:56.565] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:06:56.565] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 
10:06:56.566] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:56.566] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:56.566] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:56.567] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:56.695] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361216695, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132172046278, "etime": 1726132172046278, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44886, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:56.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:06:59.668] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24931 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4924043294463b11a2f103f8b96a0b5d07efc06cfbea68b522aee7f148fb3d45&X-Amz-Date=20251210T020659Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:06:59.668] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 
[2025-12-10 10:06:59.668] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:06:59.669] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:06:59.669] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:06:59.669] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:06:59.669] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:06:59.783] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361219782, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132175097382, "etime": 1726132175097382, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44890, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:06:59.783] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:02.770] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26173 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=e14f10551c55f5796f7caf14fafed40e20b7a81b1dd45d45069fe10354c269a5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020702Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:07:02.770] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:02.770] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:02.771] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:02.771] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:02.771] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:02.771] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:02.896] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361222896, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132178151026, "etime": 1726132178151026, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44894, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:02.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:05.873] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26174 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl?X-Amz-Date=20251210T020705Z&X-Amz-Signature=9b686d90d7f8ff48ae01588bd2d1655cd7013ede66f09ed8fb6c9e774e8c7751&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:05.873] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:05.873] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:05.873] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:05.873] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:05.873] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:05.874] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:05.997] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361225996, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132207011307, "etime": 1726132207011307, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44906, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:05.997] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:08.976] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24501 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl?X-Amz-Expires=604800&X-Amz-Signature=31a2ab682286569ca5d8ee0a344fb2a2688a7c15610134ad2f213a532eb44bb3&X-Amz-Date=20251210T020708Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:07:08.976] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:08.976] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:08.976] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:08.976] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:08.976] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:08.977] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:09.105] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361229105, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132213139514, "etime": 1726132213139514, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44910, "dest_port": 
51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:09.105] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:12.078] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24932 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl?X-Amz-Signature=9a7193a48ea22d6e6d375aa944db677d37bfae4398b3673a98f6d367db27931f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020711Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:07:12.078] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:12.078] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:12.078] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:12.079] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:12.079] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:12.079] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:12.210] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361232209, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132216193720, "etime": 
1726132216193720, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44914, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:12.210] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:15.181] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26175 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020714Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6b0250b0a15702332290665fecb8c85f261c04666bdca905192cecd0014eb33e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:15.181] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:15.181] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:15.181] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:15.181] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:15.181] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:15.182] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:15.310] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361235309, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132219245930, "etime": 1726132219245930, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44918, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:15.310] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:18.284] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24933 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020717Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=5a39705508ee005fd2dabdce08d15f7a265b9a834297f8f8ae3938869a4c1658&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:18.284] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:18.284] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:18.285] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:18.285] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:18.285] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:18.286] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:18.412] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361238411, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132246862528, "etime": 1726132246862528, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53328, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:18.412] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:21.388] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24934 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl?X-Amz-Signature=2897ceee99f0468f489ac1692c8454e0114275abd7a956f7cb612dbc3bb512a2&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020720Z"} [2025-12-10 10:07:21.388] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:21.388] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:21.388] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:21.388] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:21.388] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:21.389] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:21.523] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361241523, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132249914625, "etime": 1726132249914625, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53330, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:21.523] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:24.490] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24935 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl?X-Amz-Signature=89c2ac53de023784869f3df0550fa16c03bbe61130ce7821735200ab82eac4a3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020723Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:07:24.490] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:24.490] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:24.490] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:24.490] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:24.490] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:24.491] [INFO] [tid:127829042783936] (AiModule.cpp:39) 
load result:0 [2025-12-10 10:07:24.619] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361244619, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132252969003, "etime": 1726132252969003, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53334, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:24.619] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:27.592] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24936 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl?X-Amz-Date=20251210T020727Z&X-Amz-Signature=a000b7d3a263a7efee86cebdb22cda930b1e04d5c2fe46f326d834221cbf24eb&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:07:27.593] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:27.593] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:27.593] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:27.593] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:27.593] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare 
args for load [2025-12-10 10:07:27.594] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:27.720] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361247719, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132256021915, "etime": 1726132256021915, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53338, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:27.720] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:30.707] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26176 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=51b405a83ba29043abfe5a874a94c813547a44183c0abf109c47a3ff3decaa79&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020730Z"} [2025-12-10 10:07:30.708] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:30.708] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:30.708] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:30.708] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load 
[2025-12-10 10:07:30.708] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:30.709] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:30.818] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361250818, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726207942854398, "etime": 1726207942854398, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42089, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:07:30.818] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:07:30.818] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:30.818] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:07:33.809] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24937 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl?X-Amz-Date=20251210T020733Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=caedd0f53feb1a948fbc41055166ef473b29e18687b11a0d5697f09714f8ab1f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:33.809] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:33.809] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:33.809] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:33.809] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:33.809] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:33.810] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:33.913] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361253913, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130414939435, "etime": 1726130414939435, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33840, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:07:33.913] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:36.911] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24502 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=93f930851e57704b17a906bc6f3112ee16fa3b53f6cb3df42115417e90112493&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020736Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:07:36.911] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:36.911] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:36.912] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:36.912] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:36.912] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:36.913] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:37.038] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361257037, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130421086662, "etime": 1726130421086662, "src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "src_port": 33860, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:37.038] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:40.014] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26177 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl?X-Amz-Signature=0df9f34b288b3df607828d9abc5d5901e7b4e37f7d9608dd52102eeb0886c9b3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020739Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:07:40.014] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:40.014] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:40.014] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:40.014] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:40.014] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:40.014] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:40.078] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361260078, "module": "anquanchu", "proto": "tls", "alerted": false, "details": 
[{"stime": 1726130424166404, "etime": 1726130424166404, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35930, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:40.078] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:43.117] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26178 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=d94e5a737a07d70d325ff9864f1ec755febc268c0cc7c2c305d7260c6de979dc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020742Z"} [2025-12-10 10:07:43.117] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:43.117] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:43.118] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:43.118] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:43.118] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:43.118] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:43.233] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, 
"timestamp": 1765361263232, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130427241682, "etime": 1726130427241682, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35948, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:43.233] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:46.219] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24938 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl?X-Amz-Date=20251210T020745Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1023daeab2c13fe6298fefb0ff3952953c056cbaf9e4bb8b1a5805047ae225c9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:46.219] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:46.219] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:46.219] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:46.219] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:46.219] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:46.220] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:46.286] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361266286, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130411855319, "etime": 1726130411855319, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52872, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:46.286] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:49.323] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24939 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8f6ce3d64142a3ce7c2258fe9ebf46444509fc9176cf48b0c2c85cf2b2e30cae&X-Amz-Date=20251210T020748Z&X-Amz-Expires=604800"} [2025-12-10 10:07:49.323] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:49.323] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:49.324] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:49.324] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:49.324] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:49.324] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:07:49.441] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361269441, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130500091262, "etime": 1726130500091262, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 37014, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:49.441] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:52.427] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24940 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl?X-Amz-Date=20251210T020751Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=03c57f007ec8cc92112eca309b484071bda6671c3bc952e24b4c59d206c127ff"} [2025-12-10 10:07:52.427] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:52.427] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:52.427] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:52.427] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:52.427] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 10:07:52.427] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:52.494] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361272493, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130506245061, "etime": 1726130506245061, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54374, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:52.494] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:55.529] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24503 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7de0f9457c2697791c931ce8e7c70c3372c70c12954930659ba171e0874bccb5&X-Amz-Date=20251210T020755Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:55.529] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:55.529] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:55.529] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:55.529] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:55.529] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:55.530] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:55.636] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361275636, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130544472411, "etime": 1726130544472411, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51470, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:55.636] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:07:58.631] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24941 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f26007e097883f1070694f7e47e514788e0fb546e93eb9bfd2ecc109902a4ee4&X-Amz-Date=20251210T020758Z"} [2025-12-10 10:07:58.631] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:07:58.631] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:07:58.631] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:07:58.631] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:07:58.631] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:07:58.632] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:07:58.698] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361278698, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130547543493, "etime": 1726130547543493, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51490, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:07:58.698] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:01.734] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24504 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020801Z&X-Amz-SignedHeaders=host&X-Amz-Signature=03917adc350b3ddfd67e59b91470249d1b2c7b810325d18ceae76b24882da887&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:08:01.734] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:01.734] [INFO] 
[tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:01.734] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:01.734] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:01.734] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:01.735] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:01.855] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361281854, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130538314294, "etime": 1726130538314294, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51740, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:01.855] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:04.837] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24505 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=96d2fa4362b63cb3294dc9e231f5b523206ce5dd093a415e4e0f94739f99200e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020804Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:08:04.837] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:04.837] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:04.837] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:04.837] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:04.837] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:04.838] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:04.976] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361284975, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130604020234, "etime": 1726130604020234, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41946, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:04.976] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:07.961] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24942 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020807Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2bb78b235ea04fa4a979494bdcf148d923524d5eb3c6a8fd931fadf8841ab319"} [2025-12-10 10:08:07.961] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:07.961] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:07.962] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:07.962] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:07.962] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:07.963] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:08.099] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361288098, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208830209313, "etime": 1726208830209313, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42261, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:08.099] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:11.083] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[0] at offset 24943 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl?X-Amz-Signature=1c39b959289923ea2e03819c92788b563e8038508f9f4172969b4241c6b4f862&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020810Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:08:11.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:11.083] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:11.083] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:11.083] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:11.083] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:11.084] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:11.153] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361291153, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726284537353911, "etime": 1726284537353911, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11605, "dest_port": 4433, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:11.153] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 
10:08:14.203] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24944 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=d3f8a3e608815efe9e8886aecdce81766ca04efffee121a446eb87f71fb9a90a&X-Amz-Date=20251210T020813Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:14.203] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:14.203] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:14.203] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:14.203] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:14.204] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:14.204] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:14.270] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361294269, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726023698586201, "etime": 1726023698586201, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50196, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:14.270] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:17.305] [DEBUG] [tid:127829042783936] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24506 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020816Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=43fbb2345f53fe8faf41210e5db70e4e75f1484470cb2bb484808b5779fc8071"} [2025-12-10 10:08:17.305] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:17.305] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:17.305] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:17.305] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:17.305] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:17.306] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:17.422] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361297422, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726208539303872, "etime": 1726208539303872, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 42203, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:17.422] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 
[2025-12-10 10:08:20.424] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26179 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=12707f2dfb148e4108f7c5a516fef458b3fc4d79838b90fcf0a3e78378ff51c5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020819Z&X-Amz-Expires=604800"} [2025-12-10 10:08:20.424] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:20.424] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:20.424] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:20.424] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:20.424] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:20.425] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:20.542] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361300541, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726023698586201, "etime": 1726023698586201, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50196, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:08:20.542] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:23.543] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24507 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020823Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4dba3076993f13877d2125af291e9ada2fe7e0874fe1b94434be91bbfd0bd136"} [2025-12-10 10:08:23.544] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:23.544] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:23.544] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:23.544] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:23.544] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:23.544] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:23.610] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361303610, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726040056943634, "etime": 1726040056943634, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49212, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:23.611] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn 
alert_count: 0|max_alert: 1000 [2025-12-10 10:08:26.662] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24508 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020826Z&X-Amz-Signature=1aff0f97594f14fdd1c770ad68a7be358183379c9fd073320b9632bb74c35526&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:26.662] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:26.662] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:26.662] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:26.662] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:26.662] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:26.663] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:26.792] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361306792, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726040056943634, "etime": 1726040056943634, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49212, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:08:26.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:29.782] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26180 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020829Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=64fa82c7778b4a372e934e436a080ec9efc76a98bc8668f87420317fa0b202d5"} [2025-12-10 10:08:29.783] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:29.783] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:29.783] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:29.783] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:29.783] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:29.784] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:31.168] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl|result:{"code": 0, "total_count": 19, "abnormal_count": 0, "normal_count": 19, "alert_count": 0, "timestamp": 1765361311167, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726211438047912, "etime": 1726211438047912, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49905, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211439060878, "etime": 1726211439060878, "src_ip": "192.168.112.141", 
"dest_ip": "192.168.112.135", "src_port": 49907, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211441077950, "etime": 1726211441077950, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49909, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211437016054, "etime": 1726211437016054, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49903, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211440059106, "etime": 1726211440059106, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49908, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211430937360, "etime": 1726211430937360, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49900, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211430936217, "etime": 1726211430936217, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49899, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211442108977, "etime": 1726211442108977, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49911, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211434963309, "etime": 1726211434963309, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49901, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211444143812, "etime": 1726211444143812, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49913, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211442091426, "etime": 1726211442091426, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49910, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211445157852, "etime": 1726211445157852, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49914, "dest_port": 51129, 
"protocol": "tls", "result": "Normal"}, {"stime": 1726211438030443, "etime": 1726211438030443, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49904, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211446169194, "etime": 1726211446169194, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49915, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211439044720, "etime": 1726211439044720, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49906, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211443118720, "etime": 1726211443118720, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49912, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211435990564, "etime": 1726211435990564, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49902, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211447189270, "etime": 1726211447189270, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49916, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211448202926, "etime": 1726211448202926, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49917, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:31.168] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:32.902] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24945 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020832Z&X-Amz-Signature=779f5175b4728174d6c7cef19b223409f7e3482872e197dda70702d05ffa81fa&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:32.902] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:32.902] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:32.902] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:32.902] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:32.902] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:32.903] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:34.226] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl|result:{"code": 0, "total_count": 19, "abnormal_count": 0, "normal_count": 19, "alert_count": 0, "timestamp": 1765361314225, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726211235432555, "etime": 1726211235432555, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49809, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211242687511, "etime": 1726211242687511, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49818, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211240573289, "etime": 1726211240573289, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49816, "dest_port": 51119, "protocol": "tls", 
"result": "Normal"}, {"stime": 1726211239572376, "etime": 1726211239572376, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49815, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211246757975, "etime": 1726211246757975, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49822, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211235453453, "etime": 1726211235453453, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49810, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211230330659, "etime": 1726211230330659, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49806, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211241664043, "etime": 1726211241664043, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49817, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211226314682, "etime": 1726211226314682, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49804, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211239546331, "etime": 1726211239546331, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49814, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211226315591, "etime": 1726211226315591, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49805, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211244735266, "etime": 1726211244735266, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49820, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211245746994, "etime": 1726211245746994, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49821, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211234424442, "etime": 
1726211234424442, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49808, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211234356598, "etime": 1726211234356598, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49807, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211236462429, "etime": 1726211236462429, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49811, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211237492946, "etime": 1726211237492946, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49812, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211238518215, "etime": 1726211238518215, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49813, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726211243717323, "etime": 1726211243717323, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49819, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:34.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:36.026] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26181 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020835Z&X-Amz-Signature=262549666fa550124366528f34d89db734f2dad8a46726447292afa426d914a5&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:08:36.026] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process 
model: 0 [2025-12-10 10:08:36.026] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:36.026] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:36.026] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:36.026] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:36.027] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:37.391] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl|result:{"code": 0, "total_count": 19, "abnormal_count": 0, "normal_count": 19, "alert_count": 0, "timestamp": 1765361317390, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232119639666, "etime": 1727232119639666, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49241, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232122636829, "etime": 1727232122636829, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49242, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232109592276, "etime": 1727232109592276, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49236, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232122650773, "etime": 1727232122650773, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49243, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232119625195, "etime": 1727232119625195, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49240, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232101568994, "etime": 1727232101568994, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49234, "dest_port": 51129, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727232128680946, "etime": 1727232128680946, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49246, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232125648719, "etime": 1727232125648719, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49244, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232134699906, "etime": 1727232134699906, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49250, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232101567952, "etime": 1727232101567952, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49233, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232116613994, "etime": 1727232116613994, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49238, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232131688173, "etime": 1727232131688173, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49248, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232131674752, "etime": 1727232131674752, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49247, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232128663205, "etime": 1727232128663205, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49245, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232116628907, "etime": 1727232116628907, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49239, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232137698976, "etime": 1727232137698976, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49251, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232134686353, "etime": 1727232134686353, 
"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49249, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232105581000, "etime": 1727232105581000, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49235, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727232113603216, "etime": 1727232113603216, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49237, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:37.391] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:39.150] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24509 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020838Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8a732a73fb05fcdb2ddae5d35e5ee123bff4ac9b9b9c358f5d7458b1b377b287&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:39.150] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:39.150] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:39.150] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:39.150] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:39.150] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:39.151] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:40.484] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765361320483, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726211402820524, "etime": 1726211402820524, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49883, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211401806123, "etime": 1726211401806123, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49881, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211407913781, "etime": 1726211407913781, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49889, "dest_port": 51129, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726211397783856, "etime": 1726211397783856, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49880, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211404860751, "etime": 1726211404860751, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49886, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211406889636, "etime": 1726211406889636, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49888, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211409949434, "etime": 1726211409949434, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49894, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211414029330, "etime": 1726211414029330, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49898, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211413007889, "etime": 1726211413007889, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49897, "dest_port": 
51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211410977258, "etime": 1726211410977258, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49895, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211393758786, "etime": 1726211393758786, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49879, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211403834375, "etime": 1726211403834375, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49884, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211403852587, "etime": 1726211403852587, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49885, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211407931216, "etime": 1726211407931216, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49890, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211411992713, "etime": 1726211411992713, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49896, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211405874700, "etime": 1726211405874700, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49887, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211408931218, "etime": 1726211408931218, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49893, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211401826866, "etime": 1726211401826866, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49882, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211393757001, "etime": 1726211393757001, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49878, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:08:40.484] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:08:40.484] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:40.484] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:08:42.269] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24510 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=780e1a1144791ede623abe2597a889b878c2dc882c6969d1626b5d208ad96b2a&X-Amz-Date=20251210T020841Z"} [2025-12-10 10:08:42.269] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:42.269] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:42.269] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:42.269] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:42.269] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:42.270] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:43.666] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765361323665, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727232004511393, "etime": 1727232004511393, "src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.140", "src_port": 49213, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231992446250, "etime": 1727231992446250, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49207, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231975365309, "etime": 1727231975365309, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49199, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231995490246, "etime": 1727231995490246, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49209, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727232001495323, "etime": 1727232001495323, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49211, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727232010555997, "etime": 1727232010555997, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49215, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231989448753, "etime": 1727231989448753, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49206, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231995461791, "etime": 1727231995461791, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49208, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231986413742, "etime": 1727231986413742, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49202, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231998482879, "etime": 1727231998482879, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49210, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231983392836, "etime": 1727231983392836, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49201, "dest_port": 51119, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727231971353033, "etime": 1727231971353033, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49198, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231979377004, "etime": 1727231979377004, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49200, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727232007531798, "etime": 1727232007531798, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49214, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231986437360, "etime": 1727231986437360, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49204, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231989430176, "etime": 1727231989430176, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49205, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231967330495, "etime": 1727231967330495, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49196, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231967331218, "etime": 1727231967331218, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49197, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727231986436102, "etime": 1727231986436102, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49203, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1727232001511906, "etime": 1727232001511906, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "src_port": 49212, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:43.666] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:45.391] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn 
partition:[2] at offset 24511 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl?X-Amz-Date=20251210T020844Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f082092b69ef8d740e23197917d499fcd4431be13db3c8228e69841dfc8a3c37&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:08:45.391] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:45.391] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:45.391] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:45.392] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:45.392] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:45.392] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:46.726] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl|result:{"code": 0, "total_count": 19, "abnormal_count": 0, "normal_count": 19, "alert_count": 0, "timestamp": 1765361326725, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726211375022383, "etime": 1726211375022383, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49874, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211366845958, "etime": 1726211366845958, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49862, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211366862888, "etime": 1726211366862888, "src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.135", "src_port": 49863, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211368891447, "etime": 1726211368891447, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49865, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211370934535, "etime": 1726211370934535, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49868, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211376033127, "etime": 1726211376033127, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49875, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211378060622, "etime": 1726211378060622, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49877, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211372990825, "etime": 1726211372990825, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49871, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211362818480, "etime": 1726211362818480, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49861, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211367861096, "etime": 1726211367861096, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49864, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211377045153, "etime": 1726211377045153, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49876, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211358804878, "etime": 1726211358804878, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49859, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211369921659, "etime": 1726211369921659, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49867, "dest_port": 51129, "protocol": 
"tls", "result": "Normal"}, {"stime": 1726211358805643, "etime": 1726211358805643, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49860, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211370974911, "etime": 1726211370974911, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49869, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211371978349, "etime": 1726211371978349, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49870, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211374026962, "etime": 1726211374026962, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49873, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211374003768, "etime": 1726211374003768, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49872, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211368915186, "etime": 1726211368915186, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49866, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:46.726] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:48.509] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24512 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020847Z&X-Amz-Expires=604800&X-Amz-Signature=3147468e447d44949c29df29dbc210c4f051728099b76029aad78b443dd39bb0&X-Amz-SignedHeaders=host"} [2025-12-10 
10:08:48.509] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:48.509] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:48.509] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:48.509] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:48.509] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:48.510] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:49.637] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl|result:{"code": 0, "total_count": 17, "abnormal_count": 0, "normal_count": 17, "alert_count": 0, "timestamp": 1765361329636, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726209748334070, "etime": 1726209748334070, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49636, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209769573566, "etime": 1726209769573566, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49644, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209763511358, "etime": 1726209763511358, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49640, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209775639823, "etime": 1726209775639823, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49646, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209760482886, "etime": 1726209760482886, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49639, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209744306483, "etime": 1726209744306483, "src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.135", "src_port": 49635, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209766535715, "etime": 1726209766535715, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49641, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209740287297, "etime": 1726209740287297, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49633, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209772583519, "etime": 1726209772583519, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49645, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209756467157, "etime": 1726209756467157, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49638, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209778666381, "etime": 1726209778666381, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49648, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209775662132, "etime": 1726209775662132, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49647, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209752408116, "etime": 1726209752408116, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49637, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209740288583, "etime": 1726209740288583, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49634, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209781708246, "etime": 1726209781708246, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49649, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726209766554240, "etime": 1726209766554240, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49642, "dest_port": 51119, "protocol": 
"tls", "result": "Normal"}, {"stime": 1726209769556670, "etime": 1726209769556670, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49643, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:49.637] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:51.633] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26182 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020851Z&X-Amz-Signature=620da16c6ca73211dc6cc002a84c02b13246fbdad2c9c6c25e360440fe0a3c8f&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:51.633] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:51.633] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:51.633] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:51.633] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:51.633] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:51.634] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:52.814] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl|result:{"code": 1, "total_count": 16, "abnormal_count": 1, "normal_count": 15, "alert_count": 1, "timestamp": 1765361332814, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726212719751845, "etime": 1726212719751845, 
"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50127, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212720770251, "etime": 1726212720770251, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50129, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212721829187, "etime": 1726212721829187, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50131, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212714709050, "etime": 1726212714709050, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50124, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212710678781, "etime": 1726212710678781, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50123, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212719767203, "etime": 1726212719767203, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50128, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212710677896, "etime": 1726212710677896, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50122, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212718733226, "etime": 1726212718733226, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50125, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212722835271, "etime": 1726212722835271, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50132, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212718748454, "etime": 1726212718748454, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50126, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212724889659, "etime": 1726212724889659, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", 
"src_port": 50134, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212725906338, "etime": 1726212725906338, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50135, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212726924441, "etime": 1726212726924441, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50136, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212723856379, "etime": 1726212723856379, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50133, "dest_port": 51119, "protocol": "tls", "result": "Antsword"}, {"stime": 1726212721802468, "etime": 1726212721802468, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50130, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212727934034, "etime": 1726212727934034, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50137, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:08:52.815] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:08:52.815] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:52.815] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:08:54.750] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24946 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl?X-Amz-Date=20251210T020854Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=010f4f8d546f481e70da01269e9110b05f62621c3e0d07746dd1af4905def174&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:08:54.750] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:54.750] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:54.751] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:54.751] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:54.751] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:54.752] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:54.839] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361334838, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726121356986947, "etime": 1726121356986947, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 58782, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:08:54.839] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:08:57.872] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26183 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl?X-Amz-Expires=604800&X-Amz-Signature=ae1c09d8586645c5dd83207bd22024cab42fc2d57e031cf3eb7a2d9ac4390917&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020857Z"} [2025-12-10 10:08:57.872] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:08:57.872] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:08:57.872] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:08:57.872] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:08:57.872] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:08:57.873] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:08:59.076] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 2, "normal_count": 15, "alert_count": 2, "timestamp": 1765361339075, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726212177655990, "etime": 1726212177655990, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49927, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212164536656, "etime": 1726212164536656, "src_ip": "192.168.112.141", 
"dest_ip": "192.168.112.139", "src_port": 49922, "dest_port": 51119, "protocol": "tls", "result": "Antsword"}, {"stime": 1726212181713014, "etime": 1726212181713014, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49933, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212184750095, "etime": 1726212184750095, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49936, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212185767891, "etime": 1726212185767891, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49937, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212178654207, "etime": 1726212178654207, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49929, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212180677098, "etime": 1726212180677098, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49931, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212183731627, "etime": 1726212183731627, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49935, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212181694676, "etime": 1726212181694676, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49932, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212177617669, "etime": 1726212177617669, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49926, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212178637743, "etime": 1726212178637743, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49928, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212172574412, "etime": 1726212172574412, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49924, "dest_port": 
51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212179656745, "etime": 1726212179656745, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49930, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212164535721, "etime": 1726212164535721, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49921, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212168558024, "etime": 1726212168558024, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49923, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212176600219, "etime": 1726212176600219, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49925, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726212182712446, "etime": 1726212182712446, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 49934, "dest_port": 51119, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:08:59.076] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:08:59.076] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:59.076] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:09:00.987] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24947 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=b6665fe3cb654ff542a7dfeee1e42262fa40e2b1070690d3858400c5fa981b6e&X-Amz-Expires=604800&X-Amz-Date=20251210T020900Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:00.987] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:00.987] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:00.987] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:00.987] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:00.987] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:00.988] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:01.215] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl|result:{"code": 0, "total_count": 3, "abnormal_count": 0, "normal_count": 3, "alert_count": 0, "timestamp": 1765361341215, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726045050209568, "etime": 1726045050209568, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49265, "dest_port": 50050, "protocol": "tls", "result": "Normal"}, {"stime": 1726045043846022, "etime": 1726045043846022, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 
49263, "dest_port": 50050, "protocol": "tls", "result": "Normal"}, {"stime": 1726045047324732, "etime": 1726045047324732, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49264, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:01.216] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:04.106] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24948 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl?X-Amz-Signature=0de9b59f3d7ff9f9f472e4d19a6b77e29c36b719963de1d4fc7e3927b539a65c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T020903Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:04.106] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:04.106] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:04.106] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:04.106] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:04.106] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:04.106] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:04.190] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361344189, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726045050209568, "etime": 1726045050209568, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49265, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:04.190] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:07.220] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24513 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020906Z&X-Amz-Expires=604800&X-Amz-Signature=75fd15cb09a8541a3ef04223067d0316934f366e1ceadbca00c547afcd6c7f45&X-Amz-SignedHeaders=host"} [2025-12-10 10:09:07.220] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:07.220] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:07.220] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:07.220] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:07.220] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:07.221] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:09:07.357] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361347356, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726308998337933, "etime": 1726308998337933, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43326, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 10:09:07.357] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:09:07.357] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:07.357] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:09:10.337] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26184 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl?X-Amz-Date=20251210T020909Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=94cf9dbdeb4cef3306c2d31319d6aeb5188a5e68c3c41ad4039edc548ab03b0e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:10.337] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:10.337] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:10.337] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:10.338] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:10.338] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:10.338] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:10.477] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361350476, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129243752513, "etime": 1726129243752513, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 35157, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:10.477] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:13.459] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24949 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=09f8c4c8f1984d68725bd3e80a5f5ab594568688960d6031642dc86af547213b&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020912Z"} [2025-12-10 10:09:13.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:13.459] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:13.459] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:13.459] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:13.459] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:13.460] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:14.563] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl|result:{"code": 0, "total_count": 15, "abnormal_count": 0, "normal_count": 15, "alert_count": 0, "timestamp": 1765361354562, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726210973838057, "etime": 1726210973838057, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49757, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210989969618, "etime": 1726210989969618, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49762, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210992990897, "etime": 1726210992990897, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49763, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211002070011, "etime": 1726211002070011, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49768, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211008105891, "etime": 1726211008105891, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49771, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210996017811, "etime": 1726210996017811, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49764, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210999041787, "etime": 1726210999041787, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 
49766, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210973839122, "etime": 1726210973839122, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49758, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211005085035, "etime": 1726211005085035, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49770, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210977867779, "etime": 1726210977867779, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49759, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210999058014, "etime": 1726210999058014, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49767, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211002087971, "etime": 1726211002087971, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49769, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210985948135, "etime": 1726210985948135, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49761, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210996034586, "etime": 1726210996034586, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49765, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210981904445, "etime": 1726210981904445, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49760, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:14.563] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:16.581] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24514 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0b66af8906945157f3649fa23f6ee087c88ca7f38bc090f4147cf547a3273878&X-Amz-Date=20251210T020916Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:09:16.581] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:16.581] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:16.581] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:16.581] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:16.581] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:16.581] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:16.685] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361356684, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129505442960, "etime": 1726129505442960, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 36703, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:16.685] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:19.695] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message 
in-> topic:analyzed_queue_cnn partition:[2] at offset 24515 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl?X-Amz-Signature=d75de0d6ca2bbb4acb92c63e078a8cc5fc08becc3cd4d2016fe310eabbe1d4ef&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020919Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:09:19.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:19.696] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:19.696] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:19.696] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:19.696] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:19.697] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:20.811] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl|result:{"code": 0, "total_count": 15, "abnormal_count": 0, "normal_count": 15, "alert_count": 0, "timestamp": 1765361360810, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129519102820, "etime": 1726129519102820, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 34338, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129546667192, "etime": 1726129546667192, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58168, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129531312250, "etime": 1726129531312250, 
"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 50538, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129534385217, "etime": 1726129534385217, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43376, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129540525621, "etime": 1726129540525621, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43412, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129543587846, "etime": 1726129543587846, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58164, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129523172277, "etime": 1726129523172277, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 50518, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129534453295, "etime": 1726129534453295, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43392, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129515036169, "etime": 1726129515036169, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 34308, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129527239896, "etime": 1726129527239896, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 50524, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129537459588, "etime": 1726129537459588, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 43408, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129549746565, "etime": 1726129549746565, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58182, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129540582098, "etime": 1726129540582098, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", 
"src_port": 43414, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129515037057, "etime": 1726129515037057, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 34324, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129546741149, "etime": 1726129546741149, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 58174, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:20.811] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:22.834] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24516 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e3ecf51b59fc0fc1550cb9bd2fb8d4035461099019cabbc5d8c9a66befb3bc34&X-Amz-Date=20251210T020922Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:09:22.834] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:22.834] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:22.834] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:22.834] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:22.834] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:22.834] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:22.936] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361362936, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640074833465, "etime": 1726640074833465, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49272, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:09:22.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:09:22.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:22.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:09:25.946] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24950 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020925Z&X-Amz-Signature=5181b8f245dc3f8b26e1e43d8b87fc532637ea677d46355ac31fe6febd1f5e8c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:09:25.946] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:25.946] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:25.946] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:25.946] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:09:25.946] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:25.947] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:26.073] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361366072, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129614772921, "etime": 1726129614772921, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 37337, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:26.073] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:29.058] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26185 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6aa913abf357764fc8c646a225ea2242cb7fca43d8c75a226d358aad775c5c95&X-Amz-Expires=604800&X-Amz-Date=20251210T020928Z"} [2025-12-10 10:09:29.058] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:29.058] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:29.058] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:29.058] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:29.058] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:29.059] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:29.184] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361369183, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129385695214, "etime": 1726129385695214, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 35992, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:29.184] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:32.173] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24517 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020931Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f3617ad9d62cb73e4d0ec931b1ee789fcd99b91101a0a0534c240e062e04406d&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:09:32.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:32.174] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:32.174] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:32.174] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:32.174] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:32.175] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:33.222] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl|result:{"code": 0, "total_count": 14, "abnormal_count": 0, "normal_count": 14, "alert_count": 0, "timestamp": 1765361373222, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130421152591, "etime": 1726130421152591, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33868, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130424233613, "etime": 1726130424233613, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35934, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130399636819, "etime": 1726130399636819, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 47654, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130403707012, "etime": 1726130403707012, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52856, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130407773337, "etime": 1726130407773337, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52870, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130427241682, "etime": 1726130427241682, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35948, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130424166404, "etime": 1726130424166404, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35930, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130399635810, 
"etime": 1726130399635810, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 47642, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130427312254, "etime": 1726130427312254, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35960, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130414939435, "etime": 1726130414939435, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33840, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130415005209, "etime": 1726130415005209, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33856, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130411855319, "etime": 1726130411855319, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52872, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130421086662, "etime": 1726130421086662, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33860, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130418008173, "etime": 1726130418008173, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33858, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:33.223] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:35.286] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26186 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl?X-Amz-Signature=7cab132567e0d8e305be0f4f98695e3eeb4c71462d40e6ac37babb393b89b068&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020934Z"} [2025-12-10 10:09:35.286] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:35.286] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:35.286] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:35.286] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:35.286] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:35.287] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:36.445] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl|result:{"code": 0, "total_count": 14, "abnormal_count": 0, "normal_count": 14, "alert_count": 0, "timestamp": 1765361376444, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130578536187, "etime": 1726130578536187, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36538, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130600951323, "etime": 1726130600951323, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44036, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130578537995, "etime": 1726130578537995, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36554, "dest_port": 51119, "protocol": 
"tls", "result": "Normal"}, {"stime": 1726130594814192, "etime": 1726130594814192, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44018, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130597888908, "etime": 1726130597888908, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44022, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130610171636, "etime": 1726130610171636, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41988, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130607100947, "etime": 1726130607100947, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41972, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130597951750, "etime": 1726130597951750, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44024, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130601018523, "etime": 1726130601018523, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 44042, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130582597989, "etime": 1726130582597989, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 48270, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130586675472, "etime": 1726130586675472, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 48286, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130604086777, "etime": 1726130604086777, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41956, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130604020234, "etime": 1726130604020234, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 41946, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726130590746835, "etime": 
1726130590746835, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 48288, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:36.445] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:38.387] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26187 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020937Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4db90e51ec9fc95d60fa40349f33558b4753ee90660cef00764cf06d739368a6&X-Amz-Expires=604800"} [2025-12-10 10:09:38.387] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:38.387] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:38.388] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:38.388] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:38.388] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:38.388] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:38.473] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361378472, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1726207397053204, "etime": 1726207397053204, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41979, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:38.473] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:41.499] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24518 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=13888952d530c89b2b5963864d8d0f6ba4ffd32fdaefe666bcd5a42ae022af51&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020941Z"} [2025-12-10 10:09:41.499] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:41.499] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:41.499] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:41.499] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:41.499] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:41.500] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:42.538] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl|result:{"code": 0, "total_count": 14, "abnormal_count": 0, "normal_count": 14, "alert_count": 0, "timestamp": 1765361382538, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130556764604, "etime": 
1726130556764604, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 32800, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130541391931, "etime": 1726130541391931, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51754, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130530173006, "etime": 1726130530173006, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 47816, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130544539578, "etime": 1726130544539578, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51482, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130541462031, "etime": 1726130541462031, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51766, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130544472411, "etime": 1726130544472411, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51470, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130543068344, "etime": 1726130543068344, "src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "src_port": 55098, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726130547610682, "etime": 1726130547610682, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51500, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130530174603, "etime": 1726130530174603, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 47822, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130547543493, "etime": 1726130547543493, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51490, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130534242035, "etime": 1726130534242035, "src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "src_port": 51736, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130550614119, "etime": 1726130550614119, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51514, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130538314294, "etime": 1726130538314294, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 51740, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130553691921, "etime": 1726130553691921, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 32786, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:42.538] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:44.620] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24951 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020944Z&X-Amz-Signature=285e174e8008f801e29c3b879e867e750352754afd85ede2cabfbe29498bdea3"} [2025-12-10 10:09:44.620] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:44.620] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:44.621] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:44.621] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:44.621] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:44.621] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:45.566] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl|result:{"code": 0, "total_count": 13, "abnormal_count": 0, "normal_count": 13, "alert_count": 0, "timestamp": 1765361385565, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726131509856449, "etime": 1726131509856449, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44542, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131491450015, "etime": 1726131491450015, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44528, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131499609338, "etime": 1726131499609338, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44532, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131506740386, "etime": 1726131506740386, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44536, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131491448898, "etime": 1726131491448898, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44526, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131503666763, "etime": 1726131503666763, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44534, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131512914351, "etime": 1726131512914351, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44546, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131515912048, "etime": 1726131515912048, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44548, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 
1726131515973672, "etime": 1726131515973672, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44550, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131495508059, "etime": 1726131495508059, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44530, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131506799815, "etime": 1726131506799815, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44538, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131509796123, "etime": 1726131509796123, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44540, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131512854841, "etime": 1726131512854841, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44544, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:45.566] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:47.733] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24519 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl?X-Amz-Signature=bf2de6d887f461fe5ed41a28ada51225c8fede4de1ca0627d5e7d4cda4c70ba3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020947Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:47.734] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:47.734] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:47.734] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:47.734] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:47.734] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:47.734] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:48.671] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl|result:{"code": 0, "total_count": 13, "abnormal_count": 0, "normal_count": 13, "alert_count": 0, "timestamp": 1765361388670, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129636547837, "etime": 1726129636547837, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35724, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129653974338, "etime": 1726129653974338, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36982, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129653908234, "etime": 1726129653908234, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36974, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129650834462, "etime": 1726129650834462, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56522, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129656983253, "etime": 1726129656983253, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36990, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129660062800, "etime": 1726129660062800, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 37004, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129640617536, "etime": 1726129640617536, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", 
"src_port": 35730, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129632474958, "etime": 1726129632474958, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35708, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129644682614, "etime": 1726129644682614, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56490, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129647757340, "etime": 1726129647757340, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56494, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129647824887, "etime": 1726129647824887, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 56508, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129632475937, "etime": 1726129632475937, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 35710, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129657051972, "etime": 1726129657051972, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36992, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:48.671] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:50.848] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24952 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl?X-Amz-Signature=d86785d38715b4eea8e6e5bed8bb010b6ff4cb13c30916966cd8e05c066f1a63&X-Amz-Date=20251210T020950Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:09:50.849] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:50.849] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:50.849] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:50.849] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:50.849] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:50.849] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:51.713] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl|result:{"code": 0, "total_count": 12, "abnormal_count": 0, "normal_count": 12, "alert_count": 0, "timestamp": 1765361391713, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132253023796, "etime": 1726132253023796, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53336, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132249914625, "etime": 1726132249914625, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53330, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132256077876, "etime": 1726132256077876, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53340, "dest_port": 51119, 
"protocol": "tls", "result": "Normal"}, {"stime": 1726132259074869, "etime": 1726132259074869, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53342, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132262129847, "etime": 1726132262129847, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53344, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132249971605, "etime": 1726132249971605, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53332, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132242809210, "etime": 1726132242809210, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53326, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132252969003, "etime": 1726132252969003, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53334, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132256021915, "etime": 1726132256021915, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53338, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132238749105, "etime": 1726132238749105, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53324, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132238748089, "etime": 1726132238748089, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53322, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726132246862528, "etime": 1726132246862528, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53328, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:51.713] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:09:53.960] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[0] at offset 24953 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl?X-Amz-Date=20251210T020953Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=0c772f969b7f65862a322a2629a2fe1e3ae085cfef294a2814107be421fba0e5"} [2025-12-10 10:09:53.961] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:53.961] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:53.961] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:53.961] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:53.961] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:53.961] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:54.060] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361394060, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129728267240, "etime": 1726129728267240, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 38046, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:54.060] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 
[2025-12-10 10:09:57.073] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24954 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020956Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a7ee7eb220096c5a5d7394af09b98010fc49c5b20c47530ee8696e4b99f2597a"} [2025-12-10 10:09:57.073] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:09:57.073] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:09:57.073] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:09:57.073] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:09:57.073] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:09:57.074] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:09:57.966] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl|result:{"code": 0, "total_count": 12, "abnormal_count": 0, "normal_count": 12, "alert_count": 0, "timestamp": 1765361397966, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132168993637, "etime": 1726132168993637, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44884, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132156837251, "etime": 1726132156837251, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44878, "dest_port": 51129, "protocol": "tls", 
"result": "Normal"}, {"stime": 1726132160888987, "etime": 1726132160888987, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44880, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132156836026, "etime": 1726132156836026, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44876, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132172099217, "etime": 1726132172099217, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44888, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132178204905, "etime": 1726132178204905, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44896, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132181204310, "etime": 1726132181204310, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44898, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132172046278, "etime": 1726132172046278, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44886, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132164940623, "etime": 1726132164940623, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44882, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132175097382, "etime": 1726132175097382, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44890, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132175152807, "etime": 1726132175152807, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44892, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132178151026, "etime": 1726132178151026, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44894, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:09:57.966] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:00.188] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26188 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020959Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8dbb9ebb97ecd0e8613eaa1261fda5acb591c1098d6f25b133e2e1778c36708e&X-Amz-SignedHeaders=host"} [2025-12-10 10:10:00.188] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:00.188] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:00.188] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:00.188] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:00.188] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:00.189] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:01.070] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl|result:{"code": 0, "total_count": 12, "abnormal_count": 0, "normal_count": 12, "alert_count": 0, "timestamp": 1765361401069, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132219302359, "etime": 1726132219302359, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44920, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132207011307, "etime": 1726132207011307, "src_ip": "192.168.112.136", 
"dest_ip": "192.168.112.135", "src_port": 44906, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132210076668, "etime": 1726132210076668, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44908, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132216193720, "etime": 1726132216193720, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44914, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132216248272, "etime": 1726132216248272, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44916, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132198894650, "etime": 1726132198894650, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44900, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132213139514, "etime": 1726132213139514, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44910, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132202949996, "etime": 1726132202949996, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44904, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132198895715, "etime": 1726132198895715, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44902, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132222298719, "etime": 1726132222298719, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44922, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132213199706, "etime": 1726132213199706, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44912, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132219245930, "etime": 1726132219245930, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44918, "dest_port": 51129, 
"protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:01.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:03.296] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24520 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=f3a0da51c6d70500c37a4f5048ad9fd3b385caab41f842f46137eb86e0bf316e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021002Z"} [2025-12-10 10:10:03.296] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:03.296] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:03.296] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:03.296] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:03.296] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:03.296] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:03.401] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361403400, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726205247630669, "etime": 1726205247630669, "src_ip": "192.168.163.21", 
"dest_ip": "192.168.163.23", "src_port": 41508, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:10:03.401] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:10:03.401] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:03.401] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:10:06.405] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26189 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021005Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=12d5f9130f48e686281b0fcc277f9c7eb301e5762e752fc44a1d2afc59b46f92"} [2025-12-10 10:10:06.405] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:06.405] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:06.405] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:06.405] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:06.406] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:06.406] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:06.535] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361406534, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726206667249072, "etime": 1726206667249072, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41822, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:10:06.535] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:10:06.535] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:06.535] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:10:09.517] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24955 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=004a5b3f01e6ecbd78029e2df87d91745d973fd0bc527dcb427b988ca880dd4c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021009Z&X-Amz-Expires=604800"} [2025-12-10 10:10:09.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:09.517] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:09.517] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:09.517] [INFO] [tid:127829042783936] (AiModule.cpp:20) 
get func load [2025-12-10 10:10:09.517] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:09.518] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:09.629] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361409629, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308973025823, "etime": 1726308973025823, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43324, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:09.630] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:12.629] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26190 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl?X-Amz-Signature=d6a093a487bd73aba09ea57399bb58d5f22e52c8269e824310db81ecd61bbca4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021012Z"} [2025-12-10 10:10:12.629] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:12.629] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:12.629] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:12.629] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:12.629] 
[INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:12.630] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:13.537] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl|result:{"code": 0, "total_count": 12, "abnormal_count": 0, "normal_count": 12, "alert_count": 0, "timestamp": 1765361413537, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726131748392771, "etime": 1726131748392771, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53140, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131743130308, "etime": 1726131743130308, "src_ip": "192.168.112.135", "dest_ip": "91.189.91.96", "src_port": 54536, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726131745340819, "etime": 1726131745340819, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53136, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131757548432, "etime": 1726131757548432, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53150, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131737235225, "etime": 1726131737235225, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53128, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131741287816, "etime": 1726131741287816, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53132, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131754496294, "etime": 1726131754496294, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53148, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131737236218, "etime": 1726131737236218, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 
53130, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131748446949, "etime": 1726131748446949, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53142, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131751498481, "etime": 1726131751498481, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53146, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131751444658, "etime": 1726131751444658, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53144, "dest_port": 51119, "protocol": "tls", "result": "Normal"}, {"stime": 1726131745395316, "etime": 1726131745395316, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 53138, "dest_port": 51119, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:13.537] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:15.740] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24521 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021015Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bb840f9f34a6cf5de6f525aa047fce886c7748c0154a2831819b78d5bb32b9e9&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:10:15.740] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:15.740] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:15.741] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:15.741] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:10:15.741] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:15.741] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:16.609] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl|result:{"code": 0, "total_count": 12, "abnormal_count": 0, "normal_count": 12, "alert_count": 0, "timestamp": 1765361416608, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129584155492, "etime": 1726129584155492, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52090, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129584156504, "etime": 1726129584156504, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52104, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129599418463, "etime": 1726129599418463, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45860, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129588557992, "etime": 1726129588557992, "src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "src_port": 40916, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726129599484661, "etime": 1726129599484661, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45862, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129602495128, "etime": 1726129602495128, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33044, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129602562634, "etime": 1726129602562634, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33056, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129605568976, "etime": 1726129605568976, 
"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33072, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129596344217, "etime": 1726129596344217, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45844, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129605640973, "etime": 1726129605640973, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 33074, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129588213011, "etime": 1726129588213011, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 52112, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726129592277569, "etime": 1726129592277569, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 45842, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:16.609] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:18.851] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24956 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021018Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a87aa13a080ea79ff24f2514bc3e6895b8584ed8cdf4b885f5746b23049b7d22"} [2025-12-10 10:10:18.851] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:18.851] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:18.852] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 10:10:18.852] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:18.852] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:18.852] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:19.655] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl|result:{"code": 0, "total_count": 11, "abnormal_count": 0, "normal_count": 11, "alert_count": 0, "timestamp": 1765361419654, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726131654819117, "etime": 1726131654819117, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44670, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131674136277, "etime": 1726131674136277, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44684, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131677196698, "etime": 1726131677196698, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44688, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131654820184, "etime": 1726131654820184, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44672, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131658873111, "etime": 1726131658873111, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44674, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131662925620, "etime": 1726131662925620, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44676, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131674080463, "etime": 1726131674080463, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44682, "dest_port": 51129, "protocol": "tls", "result": 
"Normal"}, {"stime": 1726131677132622, "etime": 1726131677132622, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44686, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131666977067, "etime": 1726131666977067, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44678, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131671029055, "etime": 1726131671029055, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44680, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131677196756, "etime": 1726131677196756, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44690, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:19.655] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:21.952] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24522 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021021Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7c06dea550eb910b0ea1a20e9971314dce4365095bde625755bfcec907e18eaa"} [2025-12-10 10:10:21.953] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:21.953] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:21.953] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:21.953] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:21.953] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:21.953] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:22.030] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361422029, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726204011455758, "etime": 1726204011455758, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41292, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:22.030] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:25.053] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24957 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021024Z&X-Amz-Signature=05f4028911cb5627d0225d3808095f7a1d45e781c098ace2b9cfba17b3fecf71&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:10:25.054] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:25.054] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:25.054] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so 
module so_code_cnn [2025-12-10 10:10:25.054] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:25.054] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:25.055] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:25.183] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361425183, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206182110453, "etime": 1726206182110453, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41718, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:25.183] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:28.158] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24523 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021027Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d71f24bbfd6fd7c78e101e9c7c677b11d0b83101b4026fdcbeafb5eb59970667&X-Amz-SignedHeaders=host"} [2025-12-10 10:10:28.158] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:28.158] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:28.158] 
[INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:28.158] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:28.158] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:28.159] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:28.284] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361428284, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726646627631971, "etime": 1726646627631971, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62918, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:28.284] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:31.270] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24524 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=fd256164e3f8243879b69c6933b3f37ada0917f44eed12b3d129be06cb0fed72&X-Amz-Expires=604800&X-Amz-Date=20251210T021030Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:10:31.270] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:31.270] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:31.270] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:31.271] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:31.271] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:31.271] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:32.017] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765361432016, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726131708154480, "etime": 1726131708154480, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44708, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131701049963, "etime": 1726131701049963, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44704, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131696993827, "etime": 1726131696993827, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44700, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131705102088, "etime": 1726131705102088, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44706, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131711207836, "etime": 1726131711207836, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44712, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131696994967, "etime": 1726131696994967, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44702, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131714261053, "etime": 1726131714261053, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44718, "dest_port": 
51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131708209743, "etime": 1726131708209743, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44710, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131711263685, "etime": 1726131711263685, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44716, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726131711263759, "etime": 1726131711263759, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44714, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:32.017] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:34.382] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26191 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021033Z&X-Amz-Signature=fe5e2415668c1e322af7d24bddb5c52159e6fd24afd724d79aef99cb3e4b1d3e"} [2025-12-10 10:10:34.382] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:34.382] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:34.382] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:34.382] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:34.382] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:34.383] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 10:10:35.111] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765361435111, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132110990322, "etime": 1726132110990322, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44842, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132120173753, "etime": 1726132120173753, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44852, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132114121975, "etime": 1726132114121975, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44846, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132102860077, "etime": 1726132102860077, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44836, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132106925041, "etime": 1726132106925041, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44840, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132117120758, "etime": 1726132117120758, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44848, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132114057240, "etime": 1726132114057240, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44844, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132117175505, "etime": 1726132117175505, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44850, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132102861172, "etime": 1726132102861172, "src_ip": 
"192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44838, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726132120257583, "etime": 1726132120257583, "src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "src_port": 44854, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:35.111] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:37.492] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26192 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021037Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c17db4b7be142bff6c127246902dadb04e86a34e4738f0c60b3772bb79b225d1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:10:37.492] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:37.492] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:37.493] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:37.493] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:37.493] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:37.493] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:38.238] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765361438237, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726130491924477, "etime": 1726130491924477, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 38790, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130495999516, "etime": 1726130495999516, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 36998, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130500091262, "etime": 1726130500091262, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 37014, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130506316604, "etime": 1726130506316604, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54386, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130503165571, "etime": 1726130503165571, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54358, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130487857094, "etime": 1726130487857094, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 38776, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130487856048, "etime": 1726130487856048, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 38764, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130503236949, "etime": 1726130503236949, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54372, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130506245061, "etime": 1726130506245061, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54374, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726130503236536, "etime": 1726130503236536, "src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "src_port": 54360, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} 
[2025-12-10 10:10:38.238] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:40.594] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24958 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5fd584a3468fe51bbff400bbc43e256d0ccbb4e41a32af1de0adede75ed8a9d0&X-Amz-Date=20251210T021040Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:10:40.594] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:40.594] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:40.594] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:40.594] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:40.594] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:40.595] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:40.693] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361440693, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726644126537811, "etime": 1726644126537811, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62608, "dest_port": 
8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:40.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:43.702] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24959 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021043Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=77020981d688511a975d5efbf9b17be1f557519d414860bed1cf2614cf0f5f4c"} [2025-12-10 10:10:43.702] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:43.702] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:43.702] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:43.702] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:43.702] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:43.703] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:43.824] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361443823, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519637909236, "etime": 1727519637909236, "src_ip": 
"192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62980, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:43.824] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:46.810] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24960 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e72af47a41e4edc64af9735237da4f67e64d3b48837cac93c03968de04a99778&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021046Z"} [2025-12-10 10:10:46.810] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:46.810] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:46.810] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:46.810] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:46.810] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:46.810] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:46.898] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361446897, "module": "anquanchu", "proto": "tls", "alerted": true, "details": 
[{"stime": 1727518664881158, "etime": 1727518664881158, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62113, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:10:46.898] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:10:46.898] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:46.898] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:10:49.918] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24525 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl?X-Amz-Date=20251210T021049Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=9fb7deeae4285b04c5f90200b52e37aec1b31d194f7e29cb450b8852b58e4cec&X-Amz-SignedHeaders=host"} [2025-12-10 10:10:49.919] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:49.919] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:49.919] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:49.919] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:49.919] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:49.919] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:50.034] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361450033, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727436527179967, "etime": 1727436527179967, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50940, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:10:50.034] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:10:50.034] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:50.034] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:10:53.022] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26193 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6bc11eb61454a7579442afd056f9ed519550aaffa3839538566939387b4580b5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021052Z"} [2025-12-10 10:10:53.022] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:53.022] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:53.022] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:53.022] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load 
[2025-12-10 10:10:53.022] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:53.023] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:53.141] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361453141, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726646726785679, "etime": 1726646726785679, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62935, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:53.141] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:10:56.131] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24961 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T021055Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=cf9f48b862a78d60cb3de031e89f36aae7b1e47f519b4c0f31a69091a328fef7"} [2025-12-10 10:10:56.131] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:56.131] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:56.131] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:56.131] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:56.131] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:56.132] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:56.255] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361456255, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727520252457566, "etime": 1727520252457566, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63540, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:10:56.255] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:10:56.255] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:56.255] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:10:59.232] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24526 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl?X-Amz-Signature=c6f16c5feb071572f98368e61d337d22820a723d252befc61739530d83e63778&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021058Z&X-Amz-Expires=604800"} [2025-12-10 10:10:59.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:10:59.232] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:10:59.232] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:10:59.232] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:10:59.232] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:10:59.233] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:10:59.302] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361459301, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520061610068, "etime": 1727520061610068, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63357, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:10:59.302] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:02.334] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24527 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021101Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c3b2a32004f593c71d335e5399610473bb22eabf691d62cbc35e313cd0e21d31&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:11:02.334] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:02.334] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:02.334] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:02.334] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:02.334] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:02.335] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:02.448] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361462447, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519464188012, "etime": 1727519464188012, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62813, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:11:02.448] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:05.435] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26194 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl?X-Amz-Signature=d0661967eed82f99b1d2c9c02deaaff426ffc26ef2604bef3d254a5a10f944a9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021104Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:05.435] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:05.436] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:05.436] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:05.436] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:05.436] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:05.436] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:05.531] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361465530, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518196546293, "etime": 1727518196546293, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", 
"src_port": 61694, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:05.531] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:08.536] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24962 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=cc1c0e7e988d25f049ae851062a08a3063c682120f885be07a9ee79c9b409471&X-Amz-Expires=604800&X-Amz-Date=20251210T021108Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:11:08.536] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:08.536] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:08.536] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:08.536] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:08.536] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:08.537] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:08.675] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361468674, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436123413351, "etime": 1727436123413351, 
"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50566, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:08.675] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:11.639] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24963 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl?X-Amz-Signature=970634f0f833640a657d580997b70e996817cb6b6ab61845de92ac3616e54717&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021111Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:11:11.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:11.639] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:11.639] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:11.639] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:11.639] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:11.640] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:11.755] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361471754, "module": "anquanchu", "proto": "tls", "alerted": false, "details": 
[{"stime": 1726646726785982, "etime": 1726646726785982, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62936, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:11.755] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:14.744] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24528 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl?X-Amz-Signature=b0e8c8297f3433cb905e51e795ee2d6ed85bf962bb906f855378f6cdd831570a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021114Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:14.744] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:14.744] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:14.744] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:14.745] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:14.745] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:14.745] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:14.811] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 
1765361474810, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726283919586131, "etime": 1726283919586131, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11102, "dest_port": 4433, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:11:14.811] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:11:14.811] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:14.811] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:11:17.847] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24529 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl?X-Amz-Signature=21914341644cc63a37b467535565236560fffcb1c8216ac46cea9bfe258d59ba&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T021117Z"} [2025-12-10 10:11:17.847] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:17.847] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:17.847] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:17.847] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:17.847] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:17.847] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:17.913] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361477913, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726644233062572, "etime": 1726644233062572, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62622, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:17.913] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:20.949] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24964 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl?X-Amz-Signature=936fe2fe77710608af1400d52dc5d7fd1e2afd8fe795fe3d7b2a9b6d3311a731&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021120Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:20.949] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:20.949] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:20.949] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:20.949] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:20.949] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:20.950] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:21.069] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361481069, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726646865227835, "etime": 1726646865227835, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62953, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:21.069] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:24.055] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24530 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021123Z&X-Amz-Signature=8c57f2bad54821ae2d6606f6feaf121facd447aab42d58a17283253b6a7905b3"} [2025-12-10 10:11:24.055] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:24.055] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:24.055] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:24.055] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:24.055] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:24.056] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:11:24.123] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361484122, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436524488301, "etime": 1727436524488301, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50936, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:24.123] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:27.160] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24531 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=b84f2b8a86e2e2d6584ebac7d51f71bd39644d9a75154e8e1dfb77298d3cbe84&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021126Z&X-Amz-Expires=604800"} [2025-12-10 10:11:27.160] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:27.160] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:27.160] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:27.160] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:27.160] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args 
for load [2025-12-10 10:11:27.161] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:27.275] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361487274, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519635215763, "etime": 1727519635215763, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62976, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:27.275] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:30.265] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24965 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021129Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d61b6453f7f9a450111ff321097aa19874035159bb82a73f12cfc1e5fe765661"} [2025-12-10 10:11:30.265] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:30.265] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:30.266] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:30.266] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load 
[2025-12-10 10:11:30.266] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:30.267] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:30.397] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361490397, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726284624194161, "etime": 1726284624194161, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11619, "dest_port": 4433, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:11:30.397] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:11:30.397] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:30.397] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:11:33.375] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24532 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=60a34e17174e99a41783e3e06c6097c97d8eee90b2a495e1dfcb48474a126502&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021132Z"} [2025-12-10 10:11:33.376] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:33.376] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:33.376] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:33.376] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:33.376] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:33.376] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:33.443] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361493443, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518662980922, "etime": 1727518662980922, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62111, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:33.443] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:36.481] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26195 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=a823f249b7ccdb979d67835704feefc2643a521d8e1a8036df5134d21f73988f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021135Z"} [2025-12-10 10:11:36.481] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:36.481] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:36.482] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:36.482] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:36.482] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:36.482] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:36.593] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361496592, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520249913160, "etime": 1727520249913160, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63537, "dest_port": 443, 
"protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:36.593] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:39.588] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24966 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5ebe4f7e7e4d39068bc20e2f66cc0b8966d1ba9b31b1d643ea534413b4349c13&X-Amz-Date=20251210T021139Z"} [2025-12-10 10:11:39.588] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:39.588] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:39.588] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:39.588] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:39.588] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:39.589] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:40.046] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl|result:{"code": 1, "total_count": 7, "abnormal_count": 7, "normal_count": 0, "alert_count": 7, "timestamp": 1765361500046, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726816604578792, "etime": 1726816604578792, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51867, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 
1726816528714237, "etime": 1726816528714237, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51864, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726816680523235, "etime": 1726816680523235, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51870, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726816544146461, "etime": 1726816544146461, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51865, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726816695962690, "etime": 1726816695962690, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51871, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726816620073716, "etime": 1726816620073716, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51868, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726816453262985, "etime": 1726816453262985, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51862, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:11:40.046] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 7|max_alert: 1000 [2025-12-10 10:11:40.046] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:40.046] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:11:42.695] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24533 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021142Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7b48d894ea27ca4d5577115efd7c37ee5f380044b0cb75bab0cb5653ec2c24cc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:11:42.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:42.695] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:42.695] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:42.695] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:42.695] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:42.696] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:43.167] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl|result:{"code": 1, "total_count": 7, "abnormal_count": 7, "normal_count": 0, "alert_count": 7, "timestamp": 1765361503167, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726795427218369, "etime": 1726795427218369, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51109, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726795578971037, "etime": 1726795578971037, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51115, "dest_port": 443, 
"protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726795503111499, "etime": 1726795503111499, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51112, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726795563520347, "etime": 1726795563520347, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726795336342989, "etime": 1726795336342989, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726795487649673, "etime": 1726795487649673, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51111, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726795411785346, "etime": 1726795411785346, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51108, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:11:43.167] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 7|max_alert: 1000 [2025-12-10 10:11:43.167] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:43.167] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:11:45.801] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24967 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl?X-Amz-Signature=a8f324a2ced794c6497e47dd42d653dd9bbf6650903d20fa6485b39c0f8c68c2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021145Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:11:45.801] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:45.801] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:45.801] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:45.802] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:45.802] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:45.802] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:46.324] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl|result:{"code": 1, "total_count": 7, "abnormal_count": 7, "normal_count": 0, "alert_count": 7, "timestamp": 1765361506323, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726799420509946, "etime": 1726799420509946, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51216, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726799571828221, "etime": 1726799571828221, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51221, 
"dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726799647723038, "etime": 1726799647723038, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51224, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726799663177744, "etime": 1726799663177744, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51225, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726799511389872, "etime": 1726799511389872, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51219, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726799587285373, "etime": 1726799587285373, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51222, "dest_port": 446, "protocol": "tls", "result": "Antsword"}, {"stime": 1726799495966027, "etime": 1726799495966027, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51218, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:11:46.324] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 7|max_alert: 1000 [2025-12-10 10:11:46.324] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:46.324] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:11:48.909] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24534 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021148Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4443ccf8a961e28d0f56c72193b45963633bf75818252db23b59d927e78b4040&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:48.909] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:48.909] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:48.909] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:48.909] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:48.909] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:48.910] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:49.431] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl|result:{"code": 1, "total_count": 7, "abnormal_count": 7, "normal_count": 0, "alert_count": 7, "timestamp": 1765361509430, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726813793688295, "etime": 1726813793688295, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51771, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726813550942625, "etime": 1726813550942625, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51762, "dest_port": 446, 
"protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726813641874483, "etime": 1726813641874483, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51765, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726813702346496, "etime": 1726813702346496, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51767, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726813717803763, "etime": 1726813717803763, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51768, "dest_port": 446, "protocol": "tls", "result": "Antsword"}, {"stime": 1726813778251253, "etime": 1726813778251253, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51770, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726813626421720, "etime": 1726813626421720, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51764, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:11:49.431] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 7|max_alert: 1000 [2025-12-10 10:11:49.431] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:49.431] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:11:52.010] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24968 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021151Z&X-Amz-SignedHeaders=host&X-Amz-Signature=7d2626dde6e59c294b8f16b86c0c5d2f37ebf0c7df02888b19891e7286820fcf"} [2025-12-10 10:11:52.011] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:52.011] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:52.011] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:52.011] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:52.011] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:52.011] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:52.108] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361512107, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436120775585, "etime": 1727436120775585, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50563, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:52.108] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:55.112] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24535 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021154Z&X-Amz-Signature=b58ad9cac69df3e48673c2bd6396f025af4bbe93c6596cfe06cc068918761785&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:55.112] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:55.112] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:55.112] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:55.113] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:55.113] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:55.113] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:55.240] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361515240, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519462216316, "etime": 1727519462216316, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62811, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:11:55.240] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:11:58.214] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26196 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d2c3a1d16d09f14b98b41fd12f561081bea5db949f0bcfcedbfaaf95c54425cb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021157Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:11:58.214] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:11:58.214] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:11:58.215] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:11:58.215] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:11:58.215] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:11:58.216] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:11:58.338] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361518337, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520059453180, "etime": 1727520059453180, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", 
"src_port": 63355, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:11:58.338] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:01.317] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24969 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021200Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f66148789f931088514ecf5f33ee3cf16544b4570f368d1a3679799995cb4f8e"} [2025-12-10 10:12:01.317] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:01.317] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:01.317] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:01.317] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:01.317] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:01.318] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:01.446] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361521445, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518193719441, "etime": 
1727518193719441, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 61690, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:01.446] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:04.420] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24970 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021203Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=bb971add699a166e6934e9fc881bbc86bf0015a6464c6bec7994d012e311bc4a&X-Amz-Expires=604800"} [2025-12-10 10:12:04.420] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:04.420] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:04.421] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:04.421] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:04.421] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:04.421] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:04.540] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361524539, "module": "anquanchu", "proto": "tls", "alerted": false, 
"details": [{"stime": 1726645187405335, "etime": 1726645187405335, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62740, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:04.540] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:07.524] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26197 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=af67d6d4722cedd37e6df32777d41c413f85af4deee5ba3d160570aa661cf3a5&X-Amz-Expires=604800&X-Amz-Date=20251210T021207Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:12:07.524] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:07.524] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:07.525] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:07.525] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:07.525] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:07.526] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:07.647] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 
1765361527646, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1725956951388497, "etime": 1725956951388497, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 25209, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 10:12:07.647] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:12:07.647] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:07.647] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:12:10.628] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26198 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl?X-Amz-Signature=886658110895cb145949c2092da1341e6a2e9d94c18ea2537baf4301ac69b68e&X-Amz-Date=20251210T021210Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:10.628] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:10.628] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:10.629] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:10.629] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:10.629] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:10.629] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:10.746] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361530745, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726308966105971, "etime": 1726308966105971, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43323, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:12:10.746] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:12:10.746] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:10.746] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:12:13.733] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24536 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl?X-Amz-Date=20251210T021213Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e1482ad589d475e6b242cce6da1d5a7a09cac3b799478609916bd5351d49e5df&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:13.733] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:13.733] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:13.734] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:13.734] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:13.734] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:13.735] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:13.866] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361533866, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726283912691028, "etime": 1726283912691028, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11098, "dest_port": 4433, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:13.866] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:16.835] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24537 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl?X-Amz-Date=20251210T021216Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=aa86baddd7d43bdb4a7b5649c73b9f5f6cc08a0198e2e5dccbaaac2e592e8534&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:12:16.835] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:16.835] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:16.835] [INFO] [tid:127829042783936] (AiModule.cpp:12) load 
so module so_code_cnn [2025-12-10 10:12:16.835] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:16.836] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:16.836] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:16.965] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361536965, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726642569465439, "etime": 1726642569465439, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62395, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:16.965] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:19.939] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24538 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl?X-Amz-Signature=9fc6c95c0ff967c3ea86fc620b6f42e3305d4a7da038965fc67cac2e871078d7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021219Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:19.940] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:19.940] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:19.940] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:19.940] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:19.940] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:19.941] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:20.066] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361540065, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726127499935902, "etime": 1726127499935902, "src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 53296, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:12:20.066] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:12:20.066] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:20.066] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:12:23.041] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24971 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=02f1a3bd8d3cfc7530d11cf8b57c18fcb5a7991a66b52186f5df8a691d96826f&X-Amz-Date=20251210T021222Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:12:23.041] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:23.041] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:23.041] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:23.041] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:23.041] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:23.042] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:23.169] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361543168, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726643269345701, "etime": 1726643269345701, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62482, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:23.169] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:26.142] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24972 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl?X-Amz-Signature=5811646b5ca109e54e94037be0a549c33ceff8d3b4fed1a7f8ae630f40aaa7ac&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021225Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:26.142] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:26.142] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:26.142] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:26.143] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:26.143] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:26.143] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:26.269] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361546268, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726642849330442, "etime": 1726642849330442, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62436, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} 
[2025-12-10 10:12:26.269] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:29.244] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26199 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021228Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=898029f1cc2719b17e9add06a2bacb538191b6b2c9ce2595437684cfd92f22f2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:29.245] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:29.245] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:29.245] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:29.245] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:29.245] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:29.246] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:29.377] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361549377, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726642989595738, "etime": 1726642989595738, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62453, "dest_port": 
8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:29.377] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:32.345] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24539 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021231Z&X-Amz-Signature=ccc3d7861cef6929a5c5f7019440de1b5da03a5399cf92b4cfb6d4890bb74f29"} [2025-12-10 10:12:32.345] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:32.345] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:32.345] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:32.345] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:32.345] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:32.346] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:32.469] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361552468, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726642946352391, "etime": 1726642946352391, "src_ip": "172.28.208.1", "dest_ip": 
"172.28.211.96", "src_port": 62447, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:32.469] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:35.447] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26200 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl?X-Amz-Date=20251210T021234Z&X-Amz-Signature=95379c6620e8cfd619c26e2eca30b120969905b59dc690f60006a31a0976cf44&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:35.447] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:35.447] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:35.447] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:35.447] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:35.447] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:35.448] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:35.580] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361555579, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726196734772351, "etime": 1726196734772351, "src_ip": 
"192.168.32.1", "dest_ip": "192.168.32.40", "src_port": 58000, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:35.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:38.552] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24540 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=e18795783dc1c8dc2822006d227a5cab6af8f3e7c09e87a2c9fb6b33ffadc729&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021238Z"} [2025-12-10 10:12:38.552] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:38.552] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:38.552] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:38.552] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:38.552] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:38.553] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:38.671] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361558671, "module": "anquanchu", "proto": "tls", "alerted": false, "details": 
[{"stime": 1727519643045627, "etime": 1727519643045627, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62986, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:38.671] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:41.656] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24973 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021241Z&X-Amz-Signature=aab45b1a2df6dd1f8e89be890889a5b36715d800f51d00037d41413cf7864ae2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:41.656] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:41.656] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:41.656] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:41.656] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:41.657] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:41.657] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:41.787] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361561786, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518671363171, "etime": 1727518671363171, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62121, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:41.787] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:44.760] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24541 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl?X-Amz-Date=20251210T021244Z&X-Amz-Signature=0296dbc55b0c1b26907d51b08815f0cb4c7644e6fbc100904631003a482a3c6e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:44.760] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:44.760] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:44.760] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:44.760] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:44.760] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:44.761] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:44.890] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, 
"normal_count": 1, "alert_count": 0, "timestamp": 1765361564889, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436533173627, "etime": 1727436533173627, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50946, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:44.890] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:47.863] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26201 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=abe124b8a8d8d247873397b470fe65225e1fed0311bfb130661a9fbfb5dfbf6b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021247Z"} [2025-12-10 10:12:47.863] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:47.863] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:47.863] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:47.863] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:47.863] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:47.864] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:47.993] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361567993, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726796463705132, "etime": 1726796463705132, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51146, "dest_port": 22, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:47.993] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:50.965] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26202 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl?X-Amz-Signature=35757661b7b98fd8f7fa9ce01d69d7ad170d3f90cfd3153dd41ccf2339e55dc9&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T021250Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:12:50.965] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:50.965] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:50.965] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:50.965] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:50.965] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:50.966] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 10:12:51.093] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361571093, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726814723520596, "etime": 1726814723520596, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51804, "dest_port": 22, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:51.093] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:54.068] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24542 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021253Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c1caf6dace1fadb2a42f950c33cf67a4008b85bbe6d9804db1783e81b4089dbd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:54.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:54.068] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
10:12:54.069] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:54.196] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361574195, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726817548826889, "etime": 1726817548826889, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51901, "dest_port": 22, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:54.196] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:12:57.169] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26203 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021256Z&X-Amz-SignedHeaders=host&X-Amz-Signature=a8f11846d4c80642a613fccdac0463b52a54e06f48299e2a0a62964bc2e06822&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:57.169] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:12:57.169] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:12:57.170] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:12:57.170] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:12:57.170] 
[INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:12:57.171] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:12:57.298] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361577298, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726800660429479, "etime": 1726800660429479, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51264, "dest_port": 22, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:12:57.298] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:00.274] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24974 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021259Z&X-Amz-Signature=eb9eecf50cb0160bddb200c55b61f0cc63aaf16332151984b5ca0effbc4d6a14&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:13:00.274] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:00.274] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:00.275] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:00.275] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:13:00.275] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:00.276] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:00.405] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361580405, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727255896596916, "etime": 1727255896596916, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43405, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:13:00.405] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:13:00.405] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:00.405] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:13:03.443] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26204 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl?X-Amz-Signature=5f2f9c882a28da78e138eed28c29c693aef062f923f813abb279ab4a1fd490ef&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021302Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:03.443] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:03.443] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:03.443] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:03.444] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:03.444] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:03.444] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:03.572] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361583572, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726050776178196, "etime": 1726050776178196, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50482, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:13:03.572] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 
[2025-12-10 10:13:03.572] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:03.572] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:13:06.547] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24975 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl?X-Amz-Date=20251210T021306Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d330a15dfa3d83d9298d60a2ce80b4139ff19a26cadba216cef6c6d8f6b5a257&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:13:06.547] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:06.547] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:06.547] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:06.547] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:06.547] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:06.548] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:06.677] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361586676, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726308992317846, 
"etime": 1726308992317846, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43325, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:13:06.677] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:13:06.677] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:06.677] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:13:09.652] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24543 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d05d2e0489f345500ae00fedc1695bd7759fe5eb38660ac7044c8569424a314d&X-Amz-Date=20251210T021309Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:13:09.652] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:09.652] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:09.652] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:09.652] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:09.652] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:09.653] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:09.781] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361589781, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727255892775960, "etime": 1727255892775960, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43404, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:13:09.782] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:13:09.782] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:09.782] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:13:12.755] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26205 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=e4e4204b1615d0b2ef9bbc4cabc73e3fade080368240e55df3c91da0ebf38048&X-Amz-Date=20251210T021312Z"} [2025-12-10 10:13:12.755] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:12.755] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:12.755] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:12.755] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func 
load [2025-12-10 10:13:12.755] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:12.756] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:12.885] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361592884, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727520257279740, "etime": 1727520257279740, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63545, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:13:12.885] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:13:12.885] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:12.885] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:13:15.857] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24544 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021315Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e3928b84349a2f28f86c4879b30c47dcd1ecf3a45632fe76d96d504b1b0fa3ce&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:15.857] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:15.857] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:15.857] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:15.857] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:15.857] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:15.858] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:15.983] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361595982, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726715909865737, "etime": 1726715909865737, "src_ip": "192.168.0.3", "dest_ip": "192.168.0.202", "src_port": 62462, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:15.983] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:18.960] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26206 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2fe750273069abb964f6182058e71a050fee7a8681be336972b233c281b7a581&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021318Z"} [2025-12-10 10:13:18.961] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:18.961] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:18.961] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:18.961] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:18.961] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:18.962] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:19.091] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361599090, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727255901501127, "etime": 1727255901501127, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43406, "dest_port": 8443, "protocol": "tls", "result": "Behinder"}]} 
[2025-12-10 10:13:19.091] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:13:19.091] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:19.091] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:13:22.064] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26207 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021321Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=cef9389243d708d5f27a42edd49a5c5157f13d90848b22e022792b3c640ccee7&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:13:22.064] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:22.064] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:22.064] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:22.064] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:22.064] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:22.065] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:22.194] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 
1765361602193, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436517064545, "etime": 1727436517064545, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50930, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:22.194] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:25.167] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24976 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl?X-Amz-Signature=8af6e87a2a7680d1dbd6c2e385b126c86cf2d96576a1a3431d6fb7e866dc717d&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021324Z"} [2025-12-10 10:13:25.168] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:25.168] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:25.168] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:25.168] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:25.168] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:25.169] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:25.281] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, 
"normal_count": 0, "alert_count": 1, "timestamp": 1765361605280, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727255889353821, "etime": 1727255889353821, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43403, "dest_port": 8443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:13:25.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:13:25.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:25.281] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:13:28.270] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24545 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl?X-Amz-Expires=604800&X-Amz-Signature=ac781a148440e7de5249ed744225422473650f12b02c11aba7a06cc064913c93&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021327Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:28.270] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:28.271] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:28.271] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:28.271] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:28.271] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:28.272] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
10:13:28.398] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361608398, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518658614789, "etime": 1727518658614789, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62106, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:28.398] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:31.375] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24977 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021330Z&X-Amz-Expires=604800&X-Amz-Signature=f372f1a9bee116d9f33923079da5c038f3172a32b73555702887c31237a6d3ee&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:13:31.375] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:31.375] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:31.375] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:31.375] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:31.375] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:31.376] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:31.504] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361611503, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727255881500869, "etime": 1727255881500869, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43401, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:13:31.504] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:13:31.504] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:31.504] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:13:34.478] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24978 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021333Z&X-Amz-Expires=604800&X-Amz-Signature=fe6f1253bde4b2ef10e938ad0d8b687a6fa8acaff40ddfae0156595e7625c1df&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:13:34.478] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:34.478] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:34.479] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:34.479] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:34.479] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:34.480] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:34.607] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361614607, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519631027401, "etime": 1727519631027401, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62972, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:34.607] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:37.583] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26208 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=27463cce061567fb5761ba20a5bea3422193db7e645e3d042bae32c7a09c2ae9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021337Z"} [2025-12-10 10:13:37.583] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:37.583] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 10:13:37.583] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:37.583] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:37.583] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:37.584] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:37.715] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361617714, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519628526946, "etime": 1727519628526946, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62969, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:37.715] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:40.687] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26209 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl?X-Amz-Date=20251210T021340Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=86d1778226ae771605d0e83a2b1ab879b2e0fb62a7ee4eda159a391af4975161&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:13:40.687] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 
10:13:40.687] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:40.687] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:40.687] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:40.687] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:40.688] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:40.816] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361620815, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518653901400, "etime": 1727518653901400, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62102, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:40.816] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:43.791] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26210 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl?X-Amz-Expires=604800&X-Amz-Signature=b55692da07705ffc8328d7288c23a2530d87cbc4ce1887e90f955c419e212b6d&X-Amz-Date=20251210T021343Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:13:43.792] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:43.792] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:43.792] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:43.792] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:43.792] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:43.793] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:43.912] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361623912, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308782934894, "etime": 1726308782934894, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43318, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:43.912] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:46.895] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24546 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl?X-Amz-Expires=604800&X-Amz-Signature=b52c499cdcfdc30fc6bf004db16eddb78125d7f5daa8443b19de5a2bd3bbe831&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021346Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:13:46.895] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:46.895] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:46.895] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:46.895] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:46.895] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:46.896] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:47.022] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361627022, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436513735489, "etime": 1727436513735489, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50926, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:47.022] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:49.996] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[1] at offset 26211 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6d9be1459d56acb674755fa693a22d17d1a3b8f436ce0a06b304293d9893824b&X-Amz-Expires=604800&X-Amz-Date=20251210T021349Z"} [2025-12-10 10:13:49.996] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:49.996] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:49.996] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:49.996] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:49.996] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:49.997] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:50.097] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361630096, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518203714139, "etime": 1727518203714139, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 61701, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:50.097] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:53.100] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24547 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021352Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=ff89d7bb07e38d5850b696b50ff0991dd61ef18285ddfae24d4e3ea2371b6e79&X-Amz-Expires=604800"} [2025-12-10 10:13:53.100] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:53.100] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:53.100] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:53.100] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:53.100] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:53.101] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:53.167] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361633167, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726308954717737, "etime": 1726308954717737, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43322, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:53.167] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) 
cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:56.201] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24979 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=319c6b05b7c7a915f5998cfe5e2a60961c099086c391580fd0ca35cc2c64e83e&X-Amz-Date=20251210T021355Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:56.201] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:56.201] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:56.202] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:56.202] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:56.202] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:56.202] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:56.269] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361636269, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520066601887, "etime": 1727520066601887, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63363, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:13:56.269] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:13:59.302] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26212 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=153005295dfb15c530e03f6535b3c4ed6aa657cd6ed10e5efe89ddab28d7e038&X-Amz-Date=20251210T021358Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:13:59.302] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:13:59.302] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:13:59.303] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:13:59.303] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:13:59.303] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:13:59.303] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:13:59.369] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361639369, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436132979219, "etime": 1727436132979219, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50577, "dest_port": 
80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:13:59.369] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:02.407] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26213 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ba793ddd8cff1eda3143eae755cfaf15254f6ff61e3579023dc8b7824e312584&X-Amz-Date=20251210T021401Z&X-Amz-Expires=604800"} [2025-12-10 10:14:02.407] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:02.407] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:02.407] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:02.407] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:02.407] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:02.407] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:02.515] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361642514, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727519640388395, "etime": 1727519640388395, "src_ip": 
"192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62983, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:14:02.515] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:14:02.515] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:02.515] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:14:05.508] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26214 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021404Z&X-Amz-Signature=09bf3c4221d1b5acc9b1c950675decfabeca4bc3696fffb5d507b664cb0cac45"} [2025-12-10 10:14:05.508] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:05.508] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:05.508] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:05.508] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:05.508] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:05.509] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:05.621] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361645621, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519469900594, "etime": 1727519469900594, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62820, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:05.621] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:08.609] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26215 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl?X-Amz-Signature=bc30e892ed17baf2ccec0b972ce50e29bbeb52655bda95f68d8f3c7583d83bbe&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021408Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:14:08.609] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:08.609] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:08.609] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:08.610] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:08.610] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:08.610] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:08.724] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361648723, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255555653239, "etime": 1727255555653239, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43087, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:08.724] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:11.714] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26216 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021411Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=088a9d6e627a961712a987dd8eac4640f240930d55d4c24183d861a69f50b29a"} [2025-12-10 10:14:11.714] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:11.714] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:11.714] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:11.714] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:11.714] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:11.714] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:14:11.780] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361651779, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518668398428, "etime": 1727518668398428, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62117, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:11.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:14.818] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24548 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021414Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1e72f0ad0c4b30a51ef0e7653df4e909ae945256bb862d2e4dcb0641d455d37b"} [2025-12-10 10:14:14.819] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:14.819] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:14.819] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:14.819] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:14.819] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args 
for load [2025-12-10 10:14:14.819] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:14.886] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361654885, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436530014283, "etime": 1727436530014283, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50943, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:14.886] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:17.925] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26217 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021417Z&X-Amz-Expires=604800&X-Amz-Signature=e5c62bc8a5dd17d11523af1c08cdc8690973ce18a4865edc3507f88c40f25f3a"} [2025-12-10 10:14:17.925] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:17.925] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:17.925] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:17.926] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:14:17.926] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:17.926] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:18.046] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361658045, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726283958068160, "etime": 1726283958068160, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11104, "dest_port": 4433, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:14:18.046] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:14:18.046] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:18.046] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:14:21.028] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24549 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0c63e85cb5195a8685c9cb9d242e389a6128bd3b338758ca058fbd72c00914e9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021420Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:14:21.028] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:21.028] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:21.029] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:21.029] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:21.029] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:21.029] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:21.098] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361661097, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726205287191196, "etime": 1726205287191196, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41527, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:21.098] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:24.133] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24980 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021423Z&X-Amz-Signature=7a466491e48f3353788e70280b4082749f9e0c6cb6853d29d27b211231fc1861&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:14:24.133] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:24.133] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:24.133] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:24.133] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:24.133] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:24.134] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:24.250] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361664249, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520238937790, "etime": 1727520238937790, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63525, "dest_port": 443, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:14:24.250] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:27.236] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24550 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=dc4e94d4763c567703c6092aa72c08684cd99ad2357be2cdf7fb44514ec060e1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021426Z&X-Amz-Expires=604800"} [2025-12-10 10:14:27.236] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:27.236] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:27.236] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:27.236] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:27.236] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:27.237] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:27.366] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361667365, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519627533582, "etime": 1727519627533582, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", 
"src_port": 62968, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:27.366] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:30.339] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24551 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl?X-Amz-Date=20251210T021429Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a3f3adcf22161ed2118fc669a58ce9e3b8b59e0dea46ac6eec3d1eedafb91096"} [2025-12-10 10:14:30.340] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:30.340] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:30.340] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:30.340] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:30.340] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:30.341] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:30.453] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361670452, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436507101811, "etime": 
1727436507101811, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50920, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:30.453] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:33.443] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26218 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl?X-Amz-Date=20251210T021432Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2cd00264a42eea3407bc9ce94eec75bacb0b54c18bac866d4e3f97ea3af7b5b8&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:14:33.443] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:33.443] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:33.443] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:33.443] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:33.443] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:33.444] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:33.572] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361673572, "module": "anquanchu", "proto": "tls", 
"alerted": false, "details": [{"stime": 1727518652362099, "etime": 1727518652362099, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62099, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:33.572] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:36.545] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24552 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021436Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d357114f9c5d5b54de97a64f01bf3cd8162396e7fffadf71e97417026598ec6c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:14:36.545] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:36.545] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:36.545] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:36.545] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:36.545] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:36.546] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:36.672] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, 
"timestamp": 1765361676671, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206852448153, "etime": 1726206852448153, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41851, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:36.672] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:39.649] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26219 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021439Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bae7de1d1380626d33f39da13690cc7c75f28cc11d331bf7c11be0ddff8cd5ae&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:14:39.649] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:39.649] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:39.649] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:39.649] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:39.649] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:39.650] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:39.780] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 
1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361679779, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405709356334, "etime": 1727405709356334, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40759, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:14:39.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:14:39.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:39.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:14:42.753] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26220 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=17c85ea6efd3b34d2572764e018e099a3eabb02f6a1069f8a3a1846c12cc4707&X-Amz-Date=20251210T021442Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:14:42.753] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:42.753] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:42.754] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:42.754] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:42.754] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:42.755] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
10:14:42.881] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361682880, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726283996892289, "etime": 1726283996892289, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11105, "dest_port": 4433, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:14:42.881] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:14:42.881] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:42.881] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:14:45.856] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24553 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl?X-Amz-Date=20251210T021445Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=52e4e97dada5533b61626823b94fdd404dc4c617fb69475b28e342dafe2f3fbb&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:14:45.856] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:45.856] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:45.856] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:45.856] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:45.856] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:45.857] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:45.986] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361685985, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405654601098, "etime": 1727405654601098, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40638, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:14:45.986] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:14:45.986] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:45.986] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:14:48.957] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24981 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021448Z&X-Amz-Signature=36a21e679f73fc7a0215f383d77dcc8e19e0418be4df4f16e2f3673503421e6e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:14:48.958] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:48.958] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:48.958] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:48.958] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:48.958] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:48.959] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:49.087] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361689086, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255551654359, "etime": 1727255551654359, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43069, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:49.087] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:52.059] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24554 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021451Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=833be602562805951616d5dcb87e3786f7bc0f0f695af4c3f1e9e9688fa8267b"} [2025-12-10 10:14:52.059] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:52.059] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:52.059] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:52.060] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:52.060] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:52.060] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:52.190] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361692190, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255542751069, "etime": 1727255542751069, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43064, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:14:52.190] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:55.159] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24555 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl?X-Amz-Expires=604800&X-Amz-Signature=fead9b27449f01d46a6e9837495a52bcee52d092962360f64fce0bcbf3e105ef&X-Amz-Date=20251210T021454Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:14:55.160] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:55.160] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:55.160] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:55.160] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:55.160] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:55.161] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:55.291] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361695291, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255548956706, "etime": 1727255548956706, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43068, "dest_port": 8080, "protocol": 
"tls", "result": "Normal"}]} [2025-12-10 10:14:55.291] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:14:58.262] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24556 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021457Z&X-Amz-Signature=21fa16a029771b8826b601729003fb2b60a9f68c0472335c87c543556044e1df&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:14:58.262] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:14:58.262] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:14:58.263] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:14:58.263] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:14:58.263] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:14:58.264] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:14:58.393] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361698392, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255545887926, "etime": 1727255545887926, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", 
"src_port": 43067, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:14:58.393] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:15:01.363] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24557 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021500Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e80d639edf7fa53d27c6f43e2c1f45ec37c1324bdaf5a47ca58044404df60bf0&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:01.364] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:01.364] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:01.364] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:01.364] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:01.364] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:01.365] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:01.492] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361701491, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255540412612, "etime": 1727255540412612, "src_ip": 
"192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43062, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:15:01.492] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:15:04.465] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26221 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f3262e334916dd8a672b72b4f9e081719d6d94090c7853da65fae72d462af797&X-Amz-Date=20251210T021503Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:04.465] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:04.465] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:04.465] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:04.465] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:04.465] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:04.466] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:04.596] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361704595, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 
1726646667772350, "etime": 1726646667772350, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62923, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:15:04.596] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:15:07.567] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24982 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=121986716b4b97a81475759fc34b4fa6dcc54b2f83aa721faa5d14405dffee5b&X-Amz-Date=20251210T021507Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:15:07.567] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:07.567] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:07.567] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:07.567] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:07.567] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:07.568] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:07.695] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361707694, "module": "anquanchu", 
"proto": "tls", "alerted": false, "details": [{"stime": 1726646799959259, "etime": 1726646799959259, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62948, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:15:07.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:15:10.670] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24983 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=ca24621d2721ee3e390712a1302a9c4c9a6bcc6df6aba24259646b78ad05bb1e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021510Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:15:10.670] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:10.670] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:10.670] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:10.670] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:10.670] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:10.671] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:10.790] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, 
"timestamp": 1765361710789, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727255879068856, "etime": 1727255879068856, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43393, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:10.790] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:10.790] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:10.790] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:13.774] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24558 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e65fcf710d4e54b91d6e9ef844234846dc51f999fc1b41980a561fad2790c290&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021513Z"} [2025-12-10 10:15:13.774] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:13.774] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:13.775] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:13.775] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:13.775] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:13.776] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:13.896] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361713896, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726283937692307, "etime": 1726283937692307, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 11103, "dest_port": 4433, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:13.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:13.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:13.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:16.878] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24984 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=1aa6ab488bb022b72be1b10d912ec4ead245e2a6e652891e89d1a7e67ee111dd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021516Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:15:16.878] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:16.878] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:16.878] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:16.878] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:16.878] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:16.879] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:17.006] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361717006, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726129392239068, "etime": 1726129392239068, "src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "src_port": 36032, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:15:17.006] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:15:19.981] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24559 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021519Z&X-Amz-Expires=604800&X-Amz-Signature=849bdaf248cb3238df7ece0e4af7802719e3e43055ce3d1e40765510522eaad5"} [2025-12-10 10:15:19.981] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:19.981] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:19.981] [INFO] [tid:127829042783936] (AiModule.cpp:12) load 
so module so_code_cnn [2025-12-10 10:15:19.981] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:19.981] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:19.982] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:20.103] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361720102, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405702934112, "etime": 1727405702934112, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40754, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:20.103] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:20.103] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:20.103] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:15:23.083] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24560 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1c85de1dd924bd5e6aee93c2f12e8932386a31e658f0e14a5452b8ad790f6fb5&X-Amz-Date=20251210T021522Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:15:23.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:23.084] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:23.084] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:23.084] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:23.084] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:23.085] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:23.220] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361723219, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727255881398747, "etime": 1727255881398747, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43400, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:23.220] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:23.220] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:23.220] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:26.187] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26222 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021525Z&X-Amz-Expires=604800&X-Amz-Signature=7ed812bf3824b7d71073dbe68dc2ae81defab6372ab58c4d7c68665d64fce090&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:15:26.187] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:26.187] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:26.187] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:26.187] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:26.187] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:26.189] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:26.318] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361726317, "module": "anquanchu", "proto": "tls", "alerted": true, "details": 
[{"stime": 1727255889222715, "etime": 1727255889222715, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 43402, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:26.318] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:26.318] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:26.318] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:29.290] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24561 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021528Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b2982502c8d18be0834c5f42c97e975dae9ef9724186a5fd568f663dcc8d78d3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:15:29.290] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:29.290] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:29.290] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:29.290] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:29.290] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:29.291] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:29.419] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361729418, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405688501612, "etime": 1727405688501612, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40732, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:29.419] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:29.419] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:29.419] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:32.394] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24562 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl?X-Amz-Date=20251210T021531Z&X-Amz-Expires=604800&X-Amz-Signature=43462af8480b064c9ac892b32289464a850c7b233f5f1026c84fe9c5a792b291&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:32.394] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:32.394] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:32.394] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:32.394] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:15:32.394] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:32.395] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:32.525] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361732525, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405701612895, "etime": 1727405701612895, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40747, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:32.526] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:32.526] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:32.526] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:15:35.495] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24985 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl?X-Amz-Signature=8be3b466f88bd141507492dff336e5632da41da1a9b10e3088cdc58cce1dd2e1&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021535Z"} [2025-12-10 10:15:35.496] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:35.496] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:35.496] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:35.496] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:35.496] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:35.497] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:35.624] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361735623, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726646945446147, "etime": 1726646945446147, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62962, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:15:35.624] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:15:38.599] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26223 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl?X-Amz-Date=20251210T021538Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e1853ce893da3d17c8d183a52fbed718dda1d5f779a175c7b582e7302bf4bc1f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:15:38.599] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:38.599] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:38.599] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:38.599] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:38.599] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:38.600] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:38.734] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361738733, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405704483359, "etime": 1727405704483359, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40756, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 
10:15:38.734] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:38.734] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:38.734] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:41.704] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24986 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021541Z&X-Amz-Expires=604800&X-Amz-Signature=3fccc6e633459786d1ec08a0f6f632a6172cb3ea2321938a9af0226bf6b123e5"} [2025-12-10 10:15:41.704] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:41.704] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:41.704] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:41.704] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:41.704] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:41.705] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:41.837] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361741836, "module": "anquanchu", "proto": 
"tls", "alerted": true, "details": [{"stime": 1727405643016396, "etime": 1727405643016396, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40633, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:41.837] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:41.837] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:41.837] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:44.807] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24987 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021544Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=07bad9d5dc00d3bfcaf025319730a308859b8e894153acd5354d2bb5f4de06c7"} [2025-12-10 10:15:44.807] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:44.807] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:44.807] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:44.807] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:44.807] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:44.808] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:44.936] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361744935, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727159684785795, "etime": 1727159684785795, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50447, "dest_port": 9443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:15:44.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:44.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:44.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:47.910] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24563 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl?X-Amz-Signature=e5c64548ae96775bf753b346e791a912092b669fc6f2aaf327eb351d4e0449c1&X-Amz-Date=20251210T021547Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:15:47.910] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:47.910] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:47.911] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:47.911] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load 
[2025-12-10 10:15:47.911] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:47.912] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:48.041] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361748040, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405644825860, "etime": 1727405644825860, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40634, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:48.041] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:48.041] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:48.041] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:15:51.014] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26224 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=243675d3a1e31be059eaa797e3ed3f789b8f12d3f7de7ae370895642bf74c023&X-Amz-Date=20251210T021550Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:15:51.014] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:51.014] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:51.014] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:51.015] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:51.015] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:51.015] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:51.142] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361751141, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405641339056, "etime": 1727405641339056, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40632, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:51.142] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:51.142] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:51.142] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:54.117] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26225 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021553Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=da7ff27e8baae5c84d960f03c85f474b2f86c128aa4ac6bedc7b77c4d625a300"} [2025-12-10 10:15:54.117] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:54.117] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:54.117] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:54.117] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:54.117] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:54.118] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:54.246] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361754245, "module": "anquanchu", "proto": "tls", "alerted": true, "details": 
[{"stime": 1727405649883214, "etime": 1727405649883214, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40636, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:15:54.246] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:15:54.246] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:54.246] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:15:57.219] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24988 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8dfb59720a42a549ec835dead0734a15204ed47408b8631cc1f3adbfc57cd5fe&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021556Z"} [2025-12-10 10:15:57.219] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:15:57.219] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:15:57.219] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:15:57.219] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:15:57.219] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:15:57.220] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:15:57.347] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361757346, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726644178661885, "etime": 1726644178661885, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62615, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:15:57.347] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:00.320] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24989 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl?X-Amz-Signature=e66a05fe04cabebd48b0bbf1abede6b4cd7feb570a8ce68b4b235bf52b8cb156&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021559Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:00.320] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:00.320] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:00.321] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:00.321] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:00.321] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:00.322] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:00.452] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361760452, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726644151833556, "etime": 1726644151833556, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62612, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:00.452] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:03.422] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26226 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021602Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d37d83ff6d59cfcd201f456296c2dcdec13b018da994400a3881a6f7cdd9660d&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:03.422] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:03.422] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:03.422] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:03.422] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:03.422] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:03.422] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:16:03.492] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361763491, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726644320237168, "etime": 1726644320237168, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62633, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:03.492] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:06.525] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26227 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a4acfa22bd692d78a039f1049555ba48f3a36660209401e20597e16a664929e2&X-Amz-Date=20251210T021606Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:16:06.525] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:06.525] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:06.525] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:06.525] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:06.525] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 10:16:06.525] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:06.594] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361766593, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727254933580721, "etime": 1727254933580721, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55620, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:16:06.594] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:06.594] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:06.594] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:16:09.633] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26228 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl?X-Amz-Signature=5f0b0e894b61d0ac9110e8eddf7ba2e29098b290eddbbff75c0060ee8717f263&X-Amz-Date=20251210T021609Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:16:09.633] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:09.633] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:09.633] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:09.633] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:09.633] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:09.633] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:09.701] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361769700, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727520246114102, "etime": 1727520246114102, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63532, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:16:09.701] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:09.701] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:09.701] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:16:12.737] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24990 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl?X-Amz-Date=20251210T021612Z&X-Amz-Signature=d8b28c8883d9190e0ca8e2c0776f12d6f1bbb6033377e9efc826fd01956ba91e&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:16:12.737] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:12.737] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:12.737] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:12.737] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:12.737] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:12.737] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:12.851] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361772851, "module": "anquanchu", 
"proto": "tls", "alerted": true, "details": [{"stime": 1727520244299975, "etime": 1727520244299975, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:16:12.851] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:12.851] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:12.851] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:16:15.838] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24564 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021615Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1340c99123fc058c3a94fe743f0722a5eb032dee6c1048cbc654ce0545f0dcfa&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:16:15.838] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:15.838] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:15.839] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:15.839] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:15.839] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:15.840] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:15.969] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361775968, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726644371257948, "etime": 1726644371257948, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62638, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:15.969] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:18.942] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24565 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl?X-Amz-Date=20251210T021618Z&X-Amz-Expires=604800&X-Amz-Signature=6ce1721991e5646382f6da6920d62a6084e68035e2f2615ba9e079869274d9c1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:16:18.942] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:18.942] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:18.943] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:18.943] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:18.943] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:18.944] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:19.074] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361779074, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727405639447823, "etime": 1727405639447823, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 40630, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:16:19.075] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:19.075] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:19.075] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:16:22.045] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26229 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f1639a938e94b27b7f9ae3ec4a2ea4c2fc426d932497eb1c5f6fe9ead2696815&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021621Z"} [2025-12-10 10:16:22.045] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:22.045] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:22.045] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:22.045] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:16:22.045] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:22.046] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:22.174] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361782173, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726645204908922, "etime": 1726645204908922, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62747, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:22.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:25.147] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24991 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl?X-Amz-Signature=b095fb605ebac5714dc25c538474ac570cf0ff797fd47bdfa2e66a823b59b24d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021624Z&X-Amz-Expires=604800"} [2025-12-10 10:16:25.147] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:25.147] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:25.147] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 10:16:25.147] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:25.147] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:25.147] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:25.219] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361785218, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726645354957404, "etime": 1726645354957404, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62761, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:25.219] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:28.248] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26230 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl?X-Amz-Signature=d04621907b86990105379490f9deccfd1dbfd8f7b3702ebc8c2a01d187167fe5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021627Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:16:28.248] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:28.248] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:28.249] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:28.249] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:28.249] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:28.249] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:28.363] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361788362, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726645377556937, "etime": 1726645377556937, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62763, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:28.363] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:31.352] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26231 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021630Z&X-Amz-Signature=912bd6c5acecda2a3b5537d85198f1a849c2e1d8b6e5d1d19d7ac9cfde9c889f"} [2025-12-10 10:16:31.352] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:31.352] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 10:16:31.352] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:31.352] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:31.352] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:31.353] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:31.477] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361791477, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726645414318084, "etime": 1726645414318084, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62769, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:31.478] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:34.453] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24992 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl?X-Amz-Signature=db100896bdc431c4eb611db399745d4cc04e0622453a17f0af7bc3347b2f9623&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021633Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:34.454] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:34.454] 
[INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:34.454] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:34.454] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:34.454] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:34.455] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:34.581] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361794581, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726645333342185, "etime": 1726645333342185, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62759, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:34.581] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:37.555] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26232 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8c5b637aa9b15238b66ed71be51087f9efbb11797772389945c4091fd4d1f812&X-Amz-Date=20251210T021637Z"} [2025-12-10 10:16:37.556] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:37.556] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:37.556] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:37.556] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:37.556] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:37.556] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:37.624] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361797624, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726645401524068, "etime": 1726645401524068, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62768, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:37.624] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:40.658] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26233 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=20c6a6c2abb9f28f21e754b902094e5a6fdba2a23fc55cfa7ff05aaa45b96b6a&X-Amz-Date=20251210T021640Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:16:40.659] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:40.659] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:40.659] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:40.659] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:40.659] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:40.659] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:40.776] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361800775, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018281983387, "etime": 1726018281983387, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11809, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:16:40.776] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:40.776] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 
判断上报文件到kafka. [2025-12-10 10:16:40.776] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:16:43.762] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24993 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021643Z&X-Amz-Signature=25af308e3ba78041ca759cbd65a3ea07238f3f46515183df2674d554369ead6f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:16:43.763] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:43.763] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:43.763] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:43.763] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:43.763] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:43.764] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:43.876] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361803876, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018582509135, "etime": 1726018582509135, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 12308, 
"dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:16:43.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:43.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:43.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:16:46.864] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26234 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8ccd6f2426086e00b93690bd0a4f7fe2fa2c4967fc4a569db5227d1726d68ff0&X-Amz-Date=20251210T021646Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:16:46.864] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:46.864] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:46.864] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:46.864] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:46.864] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:46.865] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:46.990] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, 
"normal_count": 1, "alert_count": 0, "timestamp": 1765361806990, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726206221855430, "etime": 1726206221855430, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41731, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:46.991] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:49.965] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26235 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl?X-Amz-Signature=525e02c2e6563e77ec9dec57cb644158a28de3c1c6f779183bfe80021fb7c225&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021649Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:16:49.966] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:49.966] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:49.966] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:49.966] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:49.966] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:49.967] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:50.095] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361810095, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726204412622978, "etime": 1726204412622978, "src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "src_port": 41374, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:16:50.095] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:16:53.068] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24994 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl?X-Amz-Signature=6e293aafb449c72fd9f1add17a615023c96bab5273c6091fc1b3c41f45bf6a2a&X-Amz-Date=20251210T021652Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:16:53.068] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:53.068] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:53.068] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:53.068] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:53.068] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:53.069] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 10:16:53.152] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361813152, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042680219384, "etime": 1726042680219384, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42745, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:16:53.152] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:53.152] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:53.152] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:16:56.172] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24566 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl?X-Amz-Signature=7e804d2e0d0955f633da6e814828fcdd84b72303eb3b9d887c6d22aa0887edb9&X-Amz-Date=20251210T021655Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:56.172] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:56.172] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:56.172] [INFO] [tid:127829042783936] (AiModule.cpp:12) 
load so module so_code_cnn [2025-12-10 10:16:56.172] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:56.172] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:56.173] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:56.304] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361816303, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042781516166, "etime": 1726042781516166, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42875, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:16:56.304] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:56.304] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:56.304] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:16:59.275] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24567 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021658Z&X-Amz-Signature=5c43bdb303d107e6ae15e30b87b7c8c37d237cc85b57351b5d7d0202d71d7a24&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:59.275] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:16:59.275] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:16:59.275] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:16:59.275] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:16:59.275] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:16:59.276] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:16:59.403] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361819402, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727254937968710, "etime": 1727254937968710, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55632, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:16:59.403] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:16:59.403] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:59.403] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:02.378] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24568 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021701Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5399510f44ec31eafe313a556951aa0fea8caceb7665806148c981b56b2ac482"} [2025-12-10 10:17:02.378] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:02.378] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:02.379] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:02.379] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:02.379] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:02.380] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:02.509] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361822509, "module": "anquanchu", "proto": "tls", "alerted": true, "details": 
[{"stime": 1727254929784880, "etime": 1727254929784880, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55606, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:02.510] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:02.510] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:02.510] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:05.481] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24995 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=50c6b450048f8ce022f61a3bf8137bcd73625eebb21bd476b708feca4e9a52dd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021704Z&X-Amz-Expires=604800"} [2025-12-10 10:17:05.481] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:05.481] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:05.481] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:05.481] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:05.481] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:05.482] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:05.591] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361825591, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727254941432083, "etime": 1727254941432083, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55638, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:05.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:05.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:05.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:08.584] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24996 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021708Z&X-Amz-Expires=604800&X-Amz-Signature=b82508c94073c9aa0b01cfe1bba3440d8f4f5adfd32084b5b20fbcbf6e4a9d42"} [2025-12-10 10:17:08.584] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:08.584] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:08.585] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:08.585] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:17:08.585] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:08.585] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:08.692] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361828691, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041749434582, "etime": 1726041749434582, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 41055, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:17:08.692] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:08.692] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:08.692] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:17:11.687] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26236 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bca403a61099dfddb6aa15eca2835a53abc1cad1892b5c3e2bfc80e803521e02&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021711Z"} [2025-12-10 10:17:11.688] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:11.688] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:11.688] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:11.688] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:11.688] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:11.689] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:11.813] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361831812, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727254935262592, "etime": 1727254935262592, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55626, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:11.813] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:11.813] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:11.813] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:14.793] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24569 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl?X-Amz-Date=20251210T021714Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=659a5e559b964494cd96862647b6c17a9029da4056a68bd6861f985cc5aaa84a"} [2025-12-10 10:17:14.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:14.793] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:14.794] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:14.794] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:14.794] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:14.795] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:14.921] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361834920, "module": "anquanchu", "proto": "tls", "alerted": true, "details": 
[{"stime": 1727254943957055, "etime": 1727254943957055, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 55641, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:14.921] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:14.921] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:14.921] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:17.895] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24570 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl?X-Amz-Date=20251210T021717Z&X-Amz-Signature=3d555a32866f1d9e5918a28d42524b8438bc6a8e8f5a4beee7bcfb01a5f20039&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:17:17.895] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:17.895] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:17.895] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:17.895] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:17.895] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:17.896] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:17.973] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361837973, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405500406742, "etime": 1727405500406742, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 54132, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:17.973] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:20.996] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26237 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c43acd1d05f77518007ee768a1fc33e3e884192526008cf0f6cecf6f139dd938&X-Amz-Date=20251210T021720Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:17:20.996] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:20.996] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:20.996] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:20.996] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:20.996] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:20.997] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:21.109] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361841108, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727405543422550, "etime": 1727405543422550, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 36459, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:21.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:24.098] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26238 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=2c6c266488cf85e84f9e929d550f34d297c00e6736e6187283e98ed30b463edd&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021723Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:17:24.098] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:24.098] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:24.098] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:24.098] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:24.098] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:24.098] [INFO] [tid:127829042783936] (AiModule.cpp:39) 
load result:0 [2025-12-10 10:17:24.164] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361844163, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727436116178811, "etime": 1727436116178811, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 50558, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:24.164] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:27.201] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26239 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=fb2bcb000c3829894e7823ffa012b80967d3477ac73f50ebe1a458f7c3659e80&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021726Z"} [2025-12-10 10:17:27.201] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:27.201] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:27.201] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:27.201] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:27.201] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 
10:17:27.201] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:27.304] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361847304, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727520254561361, "etime": 1727520254561361, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63543, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:27.304] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:27.304] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:27.304] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:30.303] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26240 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7bef2472e1e2c122d28a7b333dfca3aa76c33fed1f192c7c58c2264c9b279cb0&X-Amz-Date=20251210T021729Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:17:30.303] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:30.303] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:30.303] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:30.303] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:30.303] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:30.303] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:30.369] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361850368, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518189693866, "etime": 1727518189693866, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 61686, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:30.369] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:33.405] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26241 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl?X-Amz-Date=20251210T021732Z&X-Amz-Signature=c828c2b9282d55ca3a6343eec61ed9867b9cc3cdadeb567b5c3ae5595375796d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:17:33.405] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:33.405] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 10:17:33.405] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:33.405] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:33.405] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:33.406] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:33.478] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361853477, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726624889032475, "etime": 1726624889032475, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53571, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:33.478] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:33.478] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:33.478] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:17:36.507] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24571 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021735Z&X-Amz-Signature=0baf46e42a8b4392dd8031ca50f7f6e4d37a386d09ef04159eab5aac0f733c22&X-Amz-Expires=604800"} [2025-12-10 10:17:36.507] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:36.507] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:36.507] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:36.507] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:36.507] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:36.508] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:36.574] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361856574, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193434093173, "etime": 1726193434093173, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13386, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:36.574] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:39.609] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24997 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=214f6b8e8716fdbf2d2f0e273783b3866ee3f9d9fb79e4a0cab0eed44050cbbd&X-Amz-Date=20251210T021739Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:17:39.609] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:39.609] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:39.609] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:39.609] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:39.609] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:39.609] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:39.677] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361859676, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727518187387787, "etime": 1727518187387787, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 61684, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:17:39.677] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:42.710] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24998 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=925ef69be1ee37bf071daef86e788c317c4138d6e99333f9e748f33a31527fc2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021742Z&X-Amz-Expires=604800"} [2025-12-10 10:17:42.710] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:42.710] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:42.710] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:42.710] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:42.710] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:42.710] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:42.778] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361862778, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726642576392496, "etime": 1726642576392496, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62399, 
"dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:42.778] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:45.813] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 24999 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl?X-Amz-Signature=33c6c96513d563a62e5083c905f78be43fb3cde09b98c16519d6c63a18e65117&X-Amz-Expires=604800&X-Amz-Date=20251210T021745Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:17:45.813] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:45.813] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:45.814] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:45.814] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:45.814] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:45.814] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:45.882] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361865882, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625055492940, "etime": 1726625055492940, "src_ip": 
"192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53626, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:45.883] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:45.883] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:45.883] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:48.914] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26242 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021748Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4c7365184fa55efddfeaa9654e21b221740bb83c31bc659107df9da27f34aedf"} [2025-12-10 10:17:48.914] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:48.914] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:48.914] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:48.914] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:48.914] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:48.915] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:48.983] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361868982, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726643244246421, "etime": 1726643244246421, "src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "src_port": 62477, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:48.983] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:17:52.017] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24572 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021751Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=c9bb1a06caa1e45832ede4bb006a91a46601918db5142fd7fb8a186876265ddb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:17:52.017] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:52.017] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:52.017] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:52.017] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:52.017] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:52.018] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:52.083] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361872083, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625086764321, "etime": 1726625086764321, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53643, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:52.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:52.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:52.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:17:55.120] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26243 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=331ee74cdb6715c94a84910e5eb7e42993c065b55d4eeed00515b2e9c99ffb53&X-Amz-Date=20251210T021754Z"} [2025-12-10 10:17:55.120] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:55.120] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:55.120] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:55.120] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:55.120] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:55.120] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:55.187] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361875186, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726624911643889, "etime": 1726624911643889, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53576, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:17:55.187] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:17:55.187] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:55.187] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:17:58.223] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26244 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4b7331c2d6ce51c250a8fa8c4957e68f549d348fa43ea81ab3e13bc1fc813791&X-Amz-Date=20251210T021757Z"} [2025-12-10 10:17:58.223] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:17:58.223] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:17:58.223] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:17:58.223] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:17:58.223] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:17:58.224] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:17:58.347] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361878346, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519458314212, "etime": 1727519458314212, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62806, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:17:58.347] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:18:01.326] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25000 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl?X-Amz-Date=20251210T021800Z&X-Amz-Signature=179ee37819640ecd0f6584501c408a4cf03bc3460a7f52ff7260831934f33fe7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:18:01.326] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:01.326] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:01.326] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:01.327] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:01.327] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:01.328] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:01.445] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361881445, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726624883134346, "etime": 1726624883134346, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53562, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} 
[2025-12-10 10:18:01.445] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:01.445] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:01.445] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:04.427] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26245 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl?X-Amz-Date=20251210T021803Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1b19ed410cb6202c998a38e97b3f250a61597e8d137599ef56f662f2249631ba&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:18:04.427] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:04.427] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:04.428] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:04.428] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:04.428] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:04.429] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:04.555] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361884554, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727520052286627, "etime": 1727520052286627, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 63347, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:04.555] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:18:07.530] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24573 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021807Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=baf9a50b180e2cefc8f0f522c5a21fc9845b2d99570f167ac82b9ea2e79ac82c"} [2025-12-10 10:18:07.530] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:07.530] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:07.531] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:07.531] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:07.531] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:07.532] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:07.660] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 
0, "alert_count": 1, "timestamp": 1765361887659, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726624884608075, "etime": 1726624884608075, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53570, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:18:07.660] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:07.660] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:07.660] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:10.633] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24574 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021810Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7aaffd51d5bcb0c5778958a596625fae3ab1496159d03f41009efeff14f8f233&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:10.634] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:10.634] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:10.634] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:10.634] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:10.634] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:10.634] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:10.704] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361890703, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625040053280, "etime": 1726625040053280, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53622, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:18:10.704] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:10.704] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:10.704] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:13.735] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24575 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl?X-Amz-Signature=a17c32d46e0175f7dcd24e09589fb3631cd675b8826b9df28457a4f9a0f3c7c3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021813Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:18:13.736] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:13.736] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:13.736] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:13.736] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:18:13.736] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:13.737] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:13.849] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361893848, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727255460891158, "etime": 1727255460891158, "src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "src_port": 26048, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:13.849] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:18:16.838] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24576 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl?X-Amz-Date=20251210T021816Z&X-Amz-Signature=3290816f7faa264bd2a2f0d1a810ae05fecdff43bf3197be2b2f3225d5d1fd0b&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:18:16.838] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:16.838] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:16.838] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 10:18:16.838] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:16.838] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:16.839] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:16.967] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361896966, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726624914190866, "etime": 1726624914190866, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53577, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:18:16.967] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:16.967] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:16.967] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:18:19.942] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25001 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl?X-Amz-Signature=61d0f6a97bd38fa7191392bfb6188ceb812044819b409d976289bb0d4e55fab5&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021819Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:19.942] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:19.942] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:19.942] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:19.942] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:19.942] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:19.943] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:20.069] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361900069, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726625081765499, "etime": 1726625081765499, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53639, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:18:20.069] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:20.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:20.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:23.045] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26246 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl?X-Amz-Date=20251210T021822Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=fa4137a5cb3b175c813d0a0726783a3bf3877ef1b987e56ae419c6dedd94ae51&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:18:23.045] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:23.045] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:23.045] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:23.045] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:23.046] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:23.046] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:23.113] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361903113, "module": "anquanchu", "proto": "tls", "alerted": true, 
"details": [{"stime": 1726625042092086, "etime": 1726625042092086, "src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "src_port": 53623, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:18:23.113] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:23.113] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:23.113] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:26.146] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25002 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl?X-Amz-Date=20251210T021825Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6f28c0e7dbde9fbcef01df8e2c4cb458534c5d1a2e48f5b220979d472dade54f&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:26.146] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:26.146] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:26.146] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:26.146] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:26.146] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:26.147] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:26.217] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765361906216, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727519456154580, "etime": 1727519456154580, "src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "src_port": 62804, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:26.217] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:18:29.287] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24577 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl?X-Amz-Expires=604800&X-Amz-Signature=06fecdd0212192b8dd067ff877ebd2bd9f382561f52930a3fc3a14be901baac2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021828Z"} [2025-12-10 10:18:29.287] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:29.287] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:29.287] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:29.287] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:29.287] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:29.288] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:33.757] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl|result:{"code": 0, "total_count": 66, "abnormal_count": 0, "normal_count": 66, "alert_count": 0, "timestamp": 1765361913756, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727336269359905, "etime": 1727336269359905, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50484, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336236608317, "etime": 1727336236608317, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50452, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336262201984, "etime": 1727336262201984, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336223279965, "etime": 1727336223279965, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50438, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336249999090, "etime": 1727336249999090, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50464, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336276546181, "etime": 1727336276546181, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50492, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336234579141, "etime": 1727336234579141, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50450, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336259155119, "etime": 1727336259155119, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336275531900, "etime": 1727336275531900, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50491, "dest_port": 80, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727336159188057, "etime": 1727336159188057, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50432, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336240672072, "etime": 1727336240672072, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50454, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336226326993, "etime": 1727336226326993, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50441, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336245920916, "etime": 1727336245920916, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50460, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336252045869, "etime": 1727336252045869, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50466, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336159202203, "etime": 1727336159202203, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50433, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336227420589, "etime": 1727336227420589, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50443, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336263217891, "etime": 1727336263217891, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50477, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336244733165, "etime": 1727336244733165, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50458, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336270374160, "etime": 1727336270374160, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50485, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336239657082, "etime": 1727336239657082, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"src_port": 50453, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336265248788, "etime": 1727336265248788, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50479, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336251031126, "etime": 1727336251031126, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50465, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336254077327, "etime": 1727336254077327, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50468, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336257123886, "etime": 1727336257123886, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50471, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336243718015, "etime": 1727336243718015, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50457, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336232531267, "etime": 1727336232531267, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50448, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336244907834, "etime": 1727336244907834, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50459, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336272420913, "etime": 1727336272420913, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50487, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336273453308, "etime": 1727336273453308, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50488, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336258139752, "etime": 1727336258139752, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50472, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336280628133, "etime": 
1727336280628133, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50497, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336225311829, "etime": 1727336225311829, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50440, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336253061343, "etime": 1727336253061343, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50467, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336247952078, "etime": 1727336247952078, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336228438356, "etime": 1727336228438356, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50444, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336278577027, "etime": 1727336278577027, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50494, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336264233548, "etime": 1727336264233548, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50478, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336266264613, "etime": 1727336266264613, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50480, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336268327205, "etime": 1727336268327205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50483, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336248984231, "etime": 1727336248984231, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50463, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336271407105, "etime": 1727336271407105, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50486, "dest_port": 80, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727336229451955, "etime": 1727336229451955, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50445, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336260170530, "etime": 1727336260170530, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50474, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336267280376, "etime": 1727336267280376, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50481, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336279610059, "etime": 1727336279610059, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50495, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336226404540, "etime": 1727336226404540, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50442, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336233545567, "etime": 1727336233545567, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50449, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336235592282, "etime": 1727336235592282, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50451, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336277562932, "etime": 1727336277562932, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50493, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336255093205, "etime": 1727336255093205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50469, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336222264456, "etime": 1727336222264456, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50437, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336242701914, "etime": 1727336242701914, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50456, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336256108189, "etime": 1727336256108189, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50470, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336246938883, "etime": 1727336246938883, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50461, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336221249116, "etime": 1727336221249116, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50436, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336230483931, "etime": 1727336230483931, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50446, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336224295816, "etime": 1727336224295816, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50439, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336231499439, "etime": 1727336231499439, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50447, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336275483161, "etime": 1727336275483161, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50490, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336280624346, "etime": 1727336280624346, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50496, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336220240724, "etime": 1727336220240724, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50435, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336274467766, "etime": 1727336274467766, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50489, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727336219217860, "etime": 1727336219217860, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50434, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336241686445, "etime": 1727336241686445, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50455, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336261187136, "etime": 1727336261187136, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50475, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727336267315873, "etime": 1727336267315873, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50482, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:33.757] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:18:33.757] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25003 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl?X-Amz-Date=20251210T021831Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=caf69bc5196e527e387c512fcf8dddb3a1280c0736b07be7bc93a6c2e3a17be2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:33.758] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:33.758] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:33.758] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:33.758] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:33.758] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 10:18:33.758] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:35.682] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 1, "normal_count": 26, "alert_count": 1, "timestamp": 1765361915681, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727153691191174, "etime": 1727153691191174, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49376, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153764285141, "etime": 1727153764285141, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49392, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153757972834, "etime": 1727153757972834, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153762232147, "etime": 1727153762232147, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49390, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153753442328, "etime": 1727153753442328, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49380, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153763254365, "etime": 1727153763254365, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49391, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153756928484, "etime": 1727153756928484, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49384, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727153765331457, "etime": 1727153765331457, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49393, "dest_port": 443, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727153766365771, "etime": 1727153766365771, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49394, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153767426000, "etime": 1727153767426000, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153770567833, "etime": 1727153770567833, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153771613390, "etime": 1727153771613390, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153772675957, "etime": 1727153772675957, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153772704023, "etime": 1727153772704023, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153769521916, "etime": 1727153769521916, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153754488716, "etime": 1727153754488716, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49381, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153761097635, "etime": 1727153761097635, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49388, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153756567827, "etime": 1727153756567827, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153751269292, "etime": 1727153751269292, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49377, 
"dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153755534570, "etime": 1727153755534570, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153689151982, "etime": 1727153689151982, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727153751327074, "etime": 1727153751327074, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49378, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153752395693, "etime": 1727153752395693, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153759020528, "etime": 1727153759020528, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49386, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153762129422, "etime": 1727153762129422, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49389, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153768472504, "etime": 1727153768472504, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49396, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153760066519, "etime": 1727153760066519, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49387, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:18:35.682] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26247 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=67114ec92a8ed5cf6bfa7e010aef5b2d676d88efc369bdbb2b6ba7416294c327&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021835Z"} [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:35.682] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:35.683] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:40.077] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl|result:{"code": 0, "total_count": 63, "abnormal_count": 0, "normal_count": 63, "alert_count": 0, "timestamp": 1765361920075, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727337493376321, "etime": 1727337493376321, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52017, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337438439017, "etime": 1727337438439017, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51961, "dest_port": 8070, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727337439454487, "etime": 1727337439454487, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51962, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337459845184, "etime": 1727337459845184, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51983, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337448626331, "etime": 1727337448626331, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51971, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337377361039, "etime": 1727337377361039, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51958, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337446594768, "etime": 1727337446594768, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51969, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337454766630, "etime": 1727337454766630, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51978, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337473079393, "etime": 1727337473079393, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51997, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337490274836, "etime": 1727337490274836, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52013, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337470035158, "etime": 1727337470035158, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51994, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337492360861, "etime": 1727337492360861, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52016, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337494395814, "etime": 1727337494395814, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52019, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337456798287, "etime": 1727337456798287, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51980, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337447610822, "etime": 1727337447610822, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51970, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337464923406, "etime": 1727337464923406, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51988, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337476158180, "etime": 1727337476158180, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52000, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337467970633, "etime": 1727337467970633, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51991, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337485048342, "etime": 1727337485048342, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52007, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337487204446, "etime": 1727337487204446, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52010, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337488236263, "etime": 1727337488236263, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52011, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337478954915, "etime": 1727337478954915, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52001, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337443532274, "etime": 1727337443532274, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51966, "dest_port": 8070, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727337437376246, "etime": 1727337437376246, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51959, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337494392298, "etime": 1727337494392298, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52018, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337486064057, "etime": 1727337486064057, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52008, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337466954219, "etime": 1727337466954219, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51990, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337484032436, "etime": 1727337484032436, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52006, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337462891018, "etime": 1727337462891018, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51986, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337451732897, "etime": 1727337451732897, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51975, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337474111933, "etime": 1727337474111933, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51998, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337491329699, "etime": 1727337491329699, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52015, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337470001208, "etime": 1727337470001208, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51993, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337442519193, "etime": 1727337442519193, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51965, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337475126323, "etime": 1727337475126323, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51999, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337449641744, "etime": 1727337449641744, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51972, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337451700849, "etime": 1727337451700849, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51974, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337460860446, "etime": 1727337460860446, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51984, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337482001230, "etime": 1727337482001230, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52004, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337479970148, "etime": 1727337479970148, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52002, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337377334882, "etime": 1727337377334882, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51957, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337486196414, "etime": 1727337486196414, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52009, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337490318074, "etime": 1727337490318074, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52014, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337472066163, "etime": 1727337472066163, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51996, "dest_port": 8070, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727337455784571, "etime": 1727337455784571, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51979, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337445579360, "etime": 1727337445579360, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51968, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337450657802, "etime": 1727337450657802, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51973, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337453751623, "etime": 1727337453751623, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51977, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337480986060, "etime": 1727337480986060, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52003, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337483016712, "etime": 1727337483016712, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52005, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337463907755, "etime": 1727337463907755, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51987, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337489251565, "etime": 1727337489251565, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52012, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337440471703, "etime": 1727337440471703, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51963, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337461876605, "etime": 1727337461876605, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51985, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337465938608, "etime": 1727337465938608, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51989, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337444564677, "etime": 1727337444564677, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51967, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337471048323, "etime": 1727337471048323, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51995, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337452735949, "etime": 1727337452735949, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51976, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337458829254, "etime": 1727337458829254, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51982, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337457813547, "etime": 1727337457813547, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51981, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337441485586, "etime": 1727337441485586, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51964, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337468985862, "etime": 1727337468985862, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51992, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337438391924, "etime": 1727337438391924, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51960, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:40.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:18:40.077] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24578 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl?X-Amz-Signature=a6162ea9fd1c9dad73920c5ef0554dbedfb2f436c279fbd6466500cd0504d9dc&X-Amz-Expires=604800&X-Amz-Date=20251210T021838Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:40.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:40.077] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:40.077] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:40.077] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:40.077] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:40.077] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:40.154] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361920153, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726642702522896, "etime": 1726642702522896, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49294, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:18:40.154] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:40.154] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:18:40.154] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:41.839] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24579 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021841Z&X-Amz-Signature=2a69a4ece1b604373eb5aab77ba3b6e5e41a51b3511fe9f485b4cab1d47fefc1&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:41.839] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:41.839] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:41.840] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:41.840] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:41.840] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:41.841] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:41.931] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361921931, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726642702522896, "etime": 1726642702522896, "src_ip": "192.168.88.30", "dest_ip": 
"192.168.88.24", "src_port": 49294, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:18:41.931] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:41.931] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:41.931] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:44.944] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24580 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl?X-Amz-Date=20251210T021844Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b2b0a8dfb1411070681a2e7c4175199e0e72702579881d7c7d48d44a4de8717c&X-Amz-Expires=604800"} [2025-12-10 10:18:44.944] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:44.944] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:44.944] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:44.944] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:44.944] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:44.945] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:49.125] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl|result:{"code": 0, "total_count": 59, "abnormal_count": 0, "normal_count": 59, "alert_count": 0, "timestamp": 
1765361929123, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727317325144517, "etime": 1727317325144517, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49829, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317344987831, "etime": 1727317344987831, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49847, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317337878749, "etime": 1727317337878749, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49840, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317323113456, "etime": 1727317323113456, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49827, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317352175643, "etime": 1727317352175643, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49855, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317329207482, "etime": 1727317329207482, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49833, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317340925537, "etime": 1727317340925537, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49843, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317335847363, "etime": 1727317335847363, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49838, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317307660331, "etime": 1727317307660331, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49809, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317327176331, "etime": 1727317327176331, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49831, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 
1727317305629355, "etime": 1727317305629355, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49807, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317332801325, "etime": 1727317332801325, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49835, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317304440950, "etime": 1727317304440950, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49805, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317317957602, "etime": 1727317317957602, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49821, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317324128930, "etime": 1727317324128930, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49828, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317353191092, "etime": 1727317353191092, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49856, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317321081765, "etime": 1727317321081765, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49825, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317304624353, "etime": 1727317304624353, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49806, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317309707336, "etime": 1727317309707336, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49811, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317328191429, "etime": 1727317328191429, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49832, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317349051717, "etime": 1727317349051717, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "src_port": 49851, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317355254679, "etime": 1727317355254679, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49858, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317310723191, "etime": 1727317310723191, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49812, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317308692411, "etime": 1727317308692411, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49810, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317326161339, "etime": 1727317326161339, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49830, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317343973275, "etime": 1727317343973275, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49846, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317312816542, "etime": 1727317312816542, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49815, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317313899614, "etime": 1727317313899614, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49817, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317320062645, "etime": 1727317320062645, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49824, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317319988650, "etime": 1727317319988650, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49823, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317341942043, "etime": 1727317341942043, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49844, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727317322097173, "etime": 1727317322097173, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49826, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317347019441, "etime": 1727317347019441, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49849, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317348034759, "etime": 1727317348034759, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49850, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317316942505, "etime": 1727317316942505, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49820, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317314909975, "etime": 1727317314909975, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49818, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317303426238, "etime": 1727317303426238, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49804, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317306645928, "etime": 1727317306645928, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49808, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317311801066, "etime": 1727317311801066, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49814, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317331786315, "etime": 1727317331786315, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49834, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317242386496, "etime": 1727317242386496, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49801, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317333816187, "etime": 1727317333816187, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "src_port": 49836, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317350066427, "etime": 1727317350066427, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49852, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317346003783, "etime": 1727317346003783, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49848, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317355270108, "etime": 1727317355270108, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49859, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317351159851, "etime": 1727317351159851, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49854, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317334832519, "etime": 1727317334832519, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49837, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317302410458, "etime": 1727317302410458, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49803, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317339910275, "etime": 1727317339910275, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49842, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317336863769, "etime": 1727317336863769, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49839, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317315925875, "etime": 1727317315925875, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49819, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317342957047, "etime": 1727317342957047, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49845, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727317313847526, "etime": 1727317313847526, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49816, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317351082383, "etime": 1727317351082383, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49853, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317354207842, "etime": 1727317354207842, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49857, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317242403988, "etime": 1727317242403988, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49802, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317310793443, "etime": 1727317310793443, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49813, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317338894557, "etime": 1727317338894557, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49841, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317318972485, "etime": 1727317318972485, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49822, "dest_port": 8990, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:49.125] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:18:49.125] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26248 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021847Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bfec4838d5d0ec24181c5536fc7f532fff86e08f3aa9d793e5d881ad7dc85bc9"} [2025-12-10 10:18:49.125] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:49.125] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:49.125] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:49.125] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:49.125] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:49.125] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:49.199] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361929199, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645602850235, "etime": 1726645602850235, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49303, "dest_port": 50050, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 10:18:49.199] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:49.199] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:18:49.199] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:51.255] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24581 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021850Z&X-Amz-Signature=82b991715b96dee668f6a66245deb6dfc8c09c00b3b1a37fea58143565128183"} [2025-12-10 10:18:51.255] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:51.255] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:51.255] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:51.255] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:51.255] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:51.256] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:51.356] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361931355, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645602850235, "etime": 1726645602850235, "src_ip": "192.168.88.30", 
"dest_ip": "192.168.88.22", "src_port": 49303, "dest_port": 50050, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 10:18:51.356] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:18:51.356] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:51.356] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:18:54.387] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25004 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=db9f197a9cd3bb5fddc71baeccfef5d0338eb96c48e1bafa1e5f6c21ca20b996&X-Amz-Date=20251210T021853Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:54.387] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:54.387] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:54.387] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:54.387] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:54.387] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:54.388] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:18:56.205] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765361936204, "module": 
"anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727156688334177, "etime": 1727156688334177, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50329, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156671112756, "etime": 1727156671112756, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50313, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156684903761, "etime": 1727156684903761, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50326, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156689474126, "etime": 1727156689474126, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50330, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156668834042, "etime": 1727156668834042, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50310, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156603131708, "etime": 1727156603131708, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50306, "dest_port": 8001, "protocol": "tls", "result": "Normal"}, {"stime": 1727156679071441, "etime": 1727156679071441, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50320, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156682453359, "etime": 1727156682453359, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50323, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156684731708, "etime": 1727156684731708, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50325, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156689603851, "etime": 1727156689603851, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50331, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156681330074, "etime": 1727156681330074, 
"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50322, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156683593674, "etime": 1727156683593674, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50324, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156675651378, "etime": 1727156675651378, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50317, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156677929515, "etime": 1727156677929515, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50319, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156667701525, "etime": 1727156667701525, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50309, "dest_port": 5443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727156686057192, "etime": 1727156686057192, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50327, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156665870503, "etime": 1727156665870503, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50308, "dest_port": 5443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727156673379052, "etime": 1727156673379052, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50315, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156605655443, "etime": 1727156605655443, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50307, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156669972732, "etime": 1727156669972732, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50311, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156672250578, "etime": 1727156672250578, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50314, "dest_port": 5443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727156674512939, "etime": 1727156674512939, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50316, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156676791684, "etime": 1727156676791684, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50318, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156687195826, "etime": 1727156687195826, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50328, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156680208934, "etime": 1727156680208934, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50321, "dest_port": 5443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:18:56.205] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:18:56.205] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:56.205] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:18:57.494] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26249 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021856Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=edafe6a5d5e7d855eac4757732a3cbad887df5d0110475272dbdcdf9f48cd8c9"} [2025-12-10 10:18:57.494] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:18:57.494] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:18:57.494] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:18:57.495] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:18:57.495] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:18:57.495] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:01.294] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl|result:{"code": 0, "total_count": 54, "abnormal_count": 0, "normal_count": 54, "alert_count": 0, "timestamp": 1765361941293, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727331419886164, "etime": 1727331419886164, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51540, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331424042663, "etime": 1727331424042663, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51545, "dest_port": 
8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331415824889, "etime": 1727331415824889, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51536, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331399949070, "etime": 1727331399949070, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51522, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331407700025, "etime": 1727331407700025, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51528, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331384401483, "etime": 1727331384401483, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51504, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331397917383, "etime": 1727331397917383, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51520, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331398933141, "etime": 1727331398933141, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51521, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331394870644, "etime": 1727331394870644, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51517, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331406683393, "etime": 1727331406683393, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51527, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331417854793, "etime": 1727331417854793, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51538, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331419982118, "etime": 1727331419982118, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51541, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331385417173, "etime": 
1727331385417173, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51505, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331388683132, "etime": 1727331388683132, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51510, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331389714403, "etime": 1727331389714403, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51511, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331393854792, "etime": 1727331393854792, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51516, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331322347919, "etime": 1727331322347919, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51496, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331410745545, "etime": 1727331410745545, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51531, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331409729636, "etime": 1727331409729636, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51530, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331422011955, "etime": 1727331422011955, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51543, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331427165032, "etime": 1727331427165032, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51549, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331413792969, "etime": 1727331413792969, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51534, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331431230214, "etime": 1727331431230214, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51553, 
"dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331392776733, "etime": 1727331392776733, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51514, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331382371085, "etime": 1727331382371085, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51501, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331416838979, "etime": 1727331416838979, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51537, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331402995484, "etime": 1727331402995484, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51525, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331412776618, "etime": 1727331412776618, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51533, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331401980968, "etime": 1727331401980968, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51524, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331414808057, "etime": 1727331414808057, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51535, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331423026757, "etime": 1727331423026757, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51544, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331387667793, "etime": 1727331387667793, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51509, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331383385865, "etime": 1727331383385865, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51503, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331405674918, "etime": 
1727331405674918, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51526, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331408714888, "etime": 1727331408714888, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51529, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331428183006, "etime": 1727331428183006, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51550, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331391761656, "etime": 1727331391761656, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51513, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331395886197, "etime": 1727331395886197, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51518, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331396902051, "etime": 1727331396902051, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51519, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331420995129, "etime": 1727331420995129, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51542, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331400964423, "etime": 1727331400964423, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51523, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331418870632, "etime": 1727331418870632, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51539, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331386636357, "etime": 1727331386636357, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51508, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331385623514, "etime": 1727331385623514, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51506, 
"dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331392844522, "etime": 1727331392844522, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51515, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331411761769, "etime": 1727331411761769, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51532, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331425058283, "etime": 1727331425058283, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51546, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331390734843, "etime": 1727331390734843, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51512, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331426073321, "etime": 1727331426073321, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51547, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331427089442, "etime": 1727331427089442, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51548, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331429198940, "etime": 1727331429198940, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51551, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331430213925, "etime": 1727331430213925, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51552, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331431238003, "etime": 1727331431238003, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51554, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727331322363673, "etime": 1727331322363673, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51497, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:01.294] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:01.294] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26250 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021900Z&X-Amz-Signature=66a544e29614d3332fd716d3f0a8bb6aa75fc6825f318af872be602bcf501f74&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:19:01.294] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:01.294] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:01.294] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:01.294] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:01.294] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:01.295] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:04.954] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl|result:{"code": 0, "total_count": 52, "abnormal_count": 0, "normal_count": 52, "alert_count": 0, "timestamp": 1765361944953, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727322750730138, "etime": 1727322750730138, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51329, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322757084893, "etime": 1727322757084893, "src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51337, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322737918821, "etime": 1727322737918821, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51318, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322752949050, "etime": 1727322752949050, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51332, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322742995637, "etime": 1727322742995637, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51323, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322736886769, "etime": 1727322736886769, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51317, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322751942230, "etime": 1727322751942230, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51331, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322768245380, "etime": 1727322768245380, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51348, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322748698953, "etime": 1727322748698953, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51327, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322769261457, "etime": 1727322769261457, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51349, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322735882149, "etime": 1727322735882149, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51316, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322772370638, "etime": 1727322772370638, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51353, "dest_port": 8090, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727322773385940, "etime": 1727322773385940, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51354, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322776433169, "etime": 1727322776433169, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51357, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322735808036, "etime": 1727322735808036, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51315, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322757011578, "etime": 1727322757011578, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51336, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322770342837, "etime": 1727322770342837, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51351, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322777449137, "etime": 1727322777449137, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51358, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322733762500, "etime": 1727322733762500, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51313, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322778464168, "etime": 1727322778464168, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51359, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322749722095, "etime": 1727322749722095, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51328, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322763167387, "etime": 1727322763167387, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51343, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322761136304, "etime": 1727322761136304, "src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51341, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322739948882, "etime": 1727322739948882, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51320, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322759105073, "etime": 1727322759105073, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51339, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322760121021, "etime": 1727322760121021, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51340, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322746668989, "etime": 1727322746668989, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51325, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322731653193, "etime": 1727322731653193, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51310, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322753964743, "etime": 1727322753964743, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51333, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322740965361, "etime": 1727322740965361, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51321, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322671609275, "etime": 1727322671609275, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51308, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322755996069, "etime": 1727322755996069, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51335, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322754979654, "etime": 1727322754979654, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51334, "dest_port": 8090, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727322764183021, "etime": 1727322764183021, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51344, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322734776644, "etime": 1727322734776644, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51314, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322738934492, "etime": 1727322738934492, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51319, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322744012747, "etime": 1727322744012747, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51324, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322671630627, "etime": 1727322671630627, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51309, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322747693347, "etime": 1727322747693347, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51326, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322750929137, "etime": 1727322750929137, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51330, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322770276862, "etime": 1727322770276862, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51350, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322771354878, "etime": 1727322771354878, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51352, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322774401861, "etime": 1727322774401861, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51355, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322741980811, "etime": 1727322741980811, "src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51322, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322766214702, "etime": 1727322766214702, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51346, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322762152233, "etime": 1727322762152233, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51342, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322767230519, "etime": 1727322767230519, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51347, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322732729837, "etime": 1727322732729837, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51312, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322758089287, "etime": 1727322758089287, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51338, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322765199893, "etime": 1727322765199893, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51345, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322775417972, "etime": 1727322775417972, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51356, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322731717116, "etime": 1727322731717116, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51311, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:04.955] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:04.955] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25005 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021903Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=86b84e1c6d7b461a5661059f77e807509313ccaff7a452c0e648c76c8d3698c0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:19:04.955] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:04.955] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:04.955] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:04.955] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:04.955] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:04.955] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:08.433] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl|result:{"code": 0, "total_count": 49, "abnormal_count": 0, "normal_count": 49, "alert_count": 0, "timestamp": 1765361948432, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727321942057592, "etime": 1727321942057592, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51040, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321927833202, "etime": 1727321927833202, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51024, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321963354992, "etime": 1727321963354992, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51064, "dest_port": 
80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321949276336, "etime": 1727321949276336, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51048, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321960229478, "etime": 1727321960229478, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51060, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321925789855, "etime": 1727321925789855, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51022, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321939010930, "etime": 1727321939010930, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51037, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321962260254, "etime": 1727321962260254, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51062, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321925729269, "etime": 1727321925729269, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51021, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321950291494, "etime": 1727321950291494, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51049, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321952322829, "etime": 1727321952322829, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51051, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321944103954, "etime": 1727321944103954, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51042, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321965385311, "etime": 1727321965385311, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51066, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321932916870, "etime": 1727321932916870, "src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51031, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321959215947, "etime": 1727321959215947, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51059, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321954354527, "etime": 1727321954354527, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51055, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321929869501, "etime": 1727321929869501, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51028, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321951307980, "etime": 1727321951307980, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51050, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321961244579, "etime": 1727321961244579, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51061, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321967417390, "etime": 1727321967417390, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51068, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321936978624, "etime": 1727321936978624, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51035, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321946135409, "etime": 1727321946135409, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51044, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321865716654, "etime": 1727321865716654, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51007, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321933933032, "etime": 1727321933933032, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51032, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727321931901568, "etime": 1727321931901568, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51030, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321945120166, "etime": 1727321945120166, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51043, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321969454918, "etime": 1727321969454918, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51071, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321948166803, "etime": 1727321948166803, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51046, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321953338702, "etime": 1727321953338702, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51052, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321865697974, "etime": 1727321865697974, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51006, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321934947957, "etime": 1727321934947957, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51033, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321948256820, "etime": 1727321948256820, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51047, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321958995533, "etime": 1727321958995533, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51058, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321969448540, "etime": 1727321969448540, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51070, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321957947740, "etime": 1727321957947740, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "src_port": 51057, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321956940978, "etime": 1727321956940978, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51056, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321937994618, "etime": 1727321937994618, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51036, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321935963270, "etime": 1727321935963270, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51034, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321943089856, "etime": 1727321943089856, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51041, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321964369920, "etime": 1727321964369920, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51065, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321940025882, "etime": 1727321940025882, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51038, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321928854159, "etime": 1727321928854159, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51027, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321926807309, "etime": 1727321926807309, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51023, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321947151230, "etime": 1727321947151230, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51045, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321968432299, "etime": 1727321968432299, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51069, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727321941042002, "etime": 1727321941042002, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51039, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321963276013, "etime": 1727321963276013, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51063, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321930885201, "etime": 1727321930885201, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51029, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727321966400895, "etime": 1727321966400895, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51067, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:08.434] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:08.434] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25006 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=13891c4b50e61de85cc09413753bff62195ba7fc3db31462c1067be2d29e3c6a&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021906Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:19:08.434] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:08.434] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:08.434] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:08.434] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:08.434] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 10:19:08.434] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:11.749] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl|result:{"code": 0, "total_count": 47, "abnormal_count": 0, "normal_count": 47, "alert_count": 0, "timestamp": 1765361951748, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727320935276683, "etime": 1727320935276683, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50836, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320918401795, "etime": 1727320918401795, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50820, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320917381512, "etime": 1727320917381512, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50819, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320926558494, "etime": 1727320926558494, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50829, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320938386681, "etime": 1727320938386681, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50840, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320910043918, "etime": 1727320910043918, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50811, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320939402169, "etime": 1727320939402169, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50841, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320931651555, "etime": 1727320931651555, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50834, "dest_port": 8100, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727320912089412, "etime": 1727320912089412, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50813, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320917183522, "etime": 1727320917183522, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50818, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320936292717, "etime": 1727320936292717, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50837, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320927573803, "etime": 1727320927573803, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50830, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320922464778, "etime": 1727320922464778, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50825, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320940417342, "etime": 1727320940417342, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50842, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320937374378, "etime": 1727320937374378, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50839, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320842775805, "etime": 1727320842775805, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50801, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320856777123, "etime": 1727320856777123, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50802, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727320918839250, "etime": 1727320918839250, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50821, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727320980901671, "etime": 1727320980901671, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50846, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727320925542353, "etime": 1727320925542353, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50828, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320914120815, "etime": 1727320914120815, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50815, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320942449121, "etime": 1727320942449121, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50844, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320942458004, "etime": 1727320942458004, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50845, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320921449516, "etime": 1727320921449516, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50824, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320937308022, "etime": 1727320937308022, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50838, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320941433065, "etime": 1727320941433065, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50843, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320919418295, "etime": 1727320919418295, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50822, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320916167187, "etime": 1727320916167187, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50817, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320908015202, "etime": 1727320908015202, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50809, "dest_port": 8100, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727320924527289, "etime": 1727320924527289, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50827, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320906855460, "etime": 1727320906855460, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50807, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320902793033, "etime": 1727320902793033, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50803, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320915136070, "etime": 1727320915136070, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50816, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320904824334, "etime": 1727320904824334, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50805, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320930637737, "etime": 1727320930637737, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50833, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320903808106, "etime": 1727320903808106, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50804, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320911058396, "etime": 1727320911058396, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50812, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320920433481, "etime": 1727320920433481, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50823, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320842754780, "etime": 1727320842754780, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50800, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320909028024, "etime": 1727320909028024, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50810, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320928589899, "etime": 1727320928589899, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50831, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320907886430, "etime": 1727320907886430, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50808, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320913104878, "etime": 1727320913104878, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50814, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320923507876, "etime": 1727320923507876, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50826, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320905839489, "etime": 1727320905839489, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50806, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320929620583, "etime": 1727320929620583, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50832, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320934263028, "etime": 1727320934263028, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50835, "dest_port": 8100, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:11.749] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:11.749] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25007 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl?X-Amz-Date=20251210T021909Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=238a68db7f854b926be035d217c0213c1b733211cfd13bb0c374507f424b093b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:19:11.749] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:11.749] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:11.749] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:11.749] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:11.749] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:11.749] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:11.822] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361951822, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645526006980, "etime": 1726645526006980, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49302, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:19:11.822] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:11.822] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:19:11.822] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:13.133] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25008 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=91639f4524102a8e3f4380d6b4d83c31e1eea4db2b4e5c6c9b1efaca670b0097&X-Amz-Expires=604800&X-Amz-Date=20251210T021912Z"} [2025-12-10 10:19:13.133] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:13.134] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:13.134] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:13.134] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:13.134] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:13.134] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:13.220] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361953220, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645526006980, "etime": 1726645526006980, "src_ip": "192.168.88.30", 
"dest_ip": "192.168.88.22", "src_port": 49302, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:19:13.220] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:13.220] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:13.221] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:16.238] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24582 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=47a3b8ac01b2143ae05d5195ccad84de041da79c1533aa3af6253926b4ab2789&X-Amz-Date=20251210T021915Z"} [2025-12-10 10:19:16.238] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:16.238] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:16.239] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:16.239] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:16.239] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:16.239] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:19.332] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl|result:{"code": 0, "total_count": 43, "abnormal_count": 0, "normal_count": 43, "alert_count": 0, "timestamp": 1765361959331, 
"module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727319551620254, "etime": 1727319551620254, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50513, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319560121049, "etime": 1727319560121049, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50523, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319573526867, "etime": 1727319573526867, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50538, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319561199619, "etime": 1727319561199619, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50525, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319578697989, "etime": 1727319578697989, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50544, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319557979962, "etime": 1727319557979962, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50520, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319563229867, "etime": 1727319563229867, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50527, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319552667923, "etime": 1727319552667923, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50514, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319576666679, "etime": 1727319576666679, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50542, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319482865541, "etime": 1727319482865541, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50505, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319568307670, "etime": 
1727319568307670, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50532, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319482834057, "etime": 1727319482834057, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50504, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319574635978, "etime": 1727319574635978, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50540, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319567291764, "etime": 1727319567291764, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50531, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319544917168, "etime": 1727319544917168, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50508, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319573617630, "etime": 1727319573617630, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50539, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319570433865, "etime": 1727319570433865, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50535, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319575651200, "etime": 1727319575651200, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50541, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319579713764, "etime": 1727319579713764, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50545, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319579724017, "etime": 1727319579724017, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50546, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319554940273, "etime": 1727319554940273, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50517, "dest_port": 80, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727319543901245, "etime": 1727319543901245, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50507, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319542885483, "etime": 1727319542885483, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50506, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319569323774, "etime": 1727319569323774, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50533, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319561135554, "etime": 1727319561135554, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50524, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319565260481, "etime": 1727319565260481, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50529, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319566277028, "etime": 1727319566277028, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50530, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319577682445, "etime": 1727319577682445, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50543, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319569416725, "etime": 1727319569416725, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50534, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319559011234, "etime": 1727319559011234, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50521, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319553683103, "etime": 1727319553683103, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50515, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319554698962, "etime": 1727319554698962, "src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50516, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319562214041, "etime": 1727319562214041, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50526, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319571496158, "etime": 1727319571496158, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50536, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319564245071, "etime": 1727319564245071, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50528, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319572510551, "etime": 1727319572510551, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50537, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319545932136, "etime": 1727319545932136, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50509, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319556963799, "etime": 1727319556963799, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50519, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319555949330, "etime": 1727319555949330, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50518, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319546948808, "etime": 1727319546948808, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50510, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319559091615, "etime": 1727319559091615, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50522, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727319550612116, "etime": 1727319550612116, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50512, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727319547963516, "etime": 1727319547963516, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50511, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:19.332] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:19.404] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26251 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021918Z&X-Amz-Signature=b897e678cfce7491f43b9686d97520496bc65472b9d98a7961a650fcd02801a9&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:19:19.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:19.405] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:19.484] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361959483, "module": "anquanchu", "proto": "tls", "alerted": true, "details": 
[{"stime": 1726050485585778, "etime": 1726050485585778, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50462, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:19.484] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:19.484] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:19.484] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:22.570] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25009 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f28e777b1171aa6aba448dfc9193b8aa61969a4983dafb54759528bf6c1c0b88&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021922Z"} [2025-12-10 10:19:22.570] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:22.570] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:22.571] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:22.571] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:22.571] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:22.571] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:22.693] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361962692, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726050485585778, "etime": 1726050485585778, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50462, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:22.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:22.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:22.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:25.744] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25010 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2aa11e8ae8b3943dccdbb2ac40b19ae6561da90e1f172cb53cfd49d5d0e31c1d&X-Amz-Date=20251210T021925Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:19:25.744] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:25.744] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:25.744] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:25.744] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:25.744] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:25.745] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:25.876] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361965875, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051351888341, "etime": 1726051351888341, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50508, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:25.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:25.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:25.876] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:19:28.848] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25011 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl?X-Amz-Signature=fa9fa5d81c201ef5b3d04e9b2a99a034634f5651c1e217b5d383bb0eefafcc6d&X-Amz-Date=20251210T021928Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:19:28.848] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:28.848] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:28.848] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:28.848] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:28.848] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:28.849] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:32.221] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl|result:{"code": 0, "total_count": 47, "abnormal_count": 0, "normal_count": 47, "alert_count": 0, "timestamp": 1765361972220, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727320647042423, "etime": 1727320647042423, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50779, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320648081674, "etime": 1727320648081674, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50780, "dest_port": 8100, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727320634260474, "etime": 1727320634260474, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50767, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320640354392, "etime": 1727320640354392, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50773, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320559693503, "etime": 1727320559693503, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50749, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320631150909, "etime": 1727320631150909, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50763, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320646026050, "etime": 1727320646026050, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50778, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320559670228, "etime": 1727320559670228, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50748, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320659473717, "etime": 1727320659473717, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50794, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320619713588, "etime": 1727320619713588, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50751, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320624792298, "etime": 1727320624792298, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50756, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320632166906, "etime": 1727320632166906, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50764, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320654291430, "etime": 1727320654291430, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50787, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320608479766, "etime": 1727320608479766, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50750, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727320635276296, "etime": 1727320635276296, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50768, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320648146373, "etime": 1727320648146373, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50781, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320657434762, "etime": 1727320657434762, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50791, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320653276543, "etime": 1727320653276543, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50786, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320630136006, "etime": 1727320630136006, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50762, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320636291852, "etime": 1727320636291852, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50769, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320643946788, "etime": 1727320643946788, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50775, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320650182678, "etime": 1727320650182678, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50783, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320621745110, "etime": 1727320621745110, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50753, "dest_port": 8100, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727320626822862, "etime": 1727320626822862, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50758, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320637307219, "etime": 1727320637307219, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50770, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320649166740, "etime": 1727320649166740, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50782, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320632234436, "etime": 1727320632234436, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50765, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320639341776, "etime": 1727320639341776, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50772, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320644963918, "etime": 1727320644963918, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50776, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320638323484, "etime": 1727320638323484, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50771, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320633245404, "etime": 1727320633245404, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50766, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320628870659, "etime": 1727320628870659, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50760, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320629116240, "etime": 1727320629116240, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50761, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320641369450, "etime": 1727320641369450, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50774, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320645017178, "etime": 1727320645017178, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50777, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320651230257, "etime": 1727320651230257, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50784, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320620729967, "etime": 1727320620729967, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50752, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320652245635, "etime": 1727320652245635, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50785, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320622760676, "etime": 1727320622760676, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50754, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320655385348, "etime": 1727320655385348, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50789, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320625807681, "etime": 1727320625807681, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50757, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320627839096, "etime": 1727320627839096, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50759, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320656401109, "etime": 1727320656401109, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50790, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320655307635, "etime": 1727320655307635, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50788, "dest_port": 8100, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727320658448215, "etime": 1727320658448215, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50792, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320659464523, "etime": 1727320659464523, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50793, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320623776266, "etime": 1727320623776266, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50755, "dest_port": 8100, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:32.221] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:32.221] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25012 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021931Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bd3f0f946c078211e8312c8685b705f50cfeb092236fae946c46588f4c38824e"} [2025-12-10 10:19:32.221] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:32.221] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:32.221] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:32.221] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:32.221] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:32.222] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 10:19:35.259] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl|result:{"code": 0, "total_count": 43, "abnormal_count": 0, "normal_count": 43, "alert_count": 0, "timestamp": 1765361975258, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727318326119324, "etime": 1727318326119324, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50166, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318313822238, "etime": 1727318313822238, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50153, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318336945901, "etime": 1727318336945901, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50178, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318327213401, "etime": 1727318327213401, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50168, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318331291393, "etime": 1727318331291393, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50172, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318337963393, "etime": 1727318337963393, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50179, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318339995362, "etime": 1727318339995362, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50181, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318344191780, "etime": 1727318344191780, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50187, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318342089497, "etime": 1727318342089497, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "src_port": 50184, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318346213702, "etime": 1727318346213702, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50189, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318325088912, "etime": 1727318325088912, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50165, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318347229461, "etime": 1727318347229461, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50190, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318251566830, "etime": 1727318251566830, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50148, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318332307483, "etime": 1727318332307483, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50173, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318340064166, "etime": 1727318340064166, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50182, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318328228738, "etime": 1727318328228738, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50169, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318334338405, "etime": 1727318334338405, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50175, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318329245237, "etime": 1727318329245237, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50170, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318317900891, "etime": 1727318317900891, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50157, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727318326190946, "etime": 1727318326190946, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50167, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318313604389, "etime": 1727318313604389, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50152, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318312588131, "etime": 1727318312588131, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50151, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318344119917, "etime": 1727318344119917, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50186, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318341072776, "etime": 1727318341072776, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50183, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318321026625, "etime": 1727318321026625, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50161, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318345198209, "etime": 1727318345198209, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50188, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318315853905, "etime": 1727318315853905, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50155, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318319932680, "etime": 1727318319932680, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50159, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318314839741, "etime": 1727318314839741, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50154, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318322041320, "etime": 1727318322041320, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 
50162, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318330277581, "etime": 1727318330277581, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50171, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318320017729, "etime": 1727318320017729, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50160, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318333322522, "etime": 1727318333322522, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50174, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318318916491, "etime": 1727318318916491, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50158, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318251512140, "etime": 1727318251512140, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50147, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318338979184, "etime": 1727318338979184, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50180, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318316870031, "etime": 1727318316870031, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50156, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318311574144, "etime": 1727318311574144, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50150, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318324072508, "etime": 1727318324072508, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50164, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318343104019, "etime": 1727318343104019, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50185, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318348244221, "etime": 1727318348244221, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50191, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318348253116, "etime": 1727318348253116, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50192, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727318323057539, "etime": 1727318323057539, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50163, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:35.259] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:35.259] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24583 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021934Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=5505a73afbf6545f41b6bd03223a9b5fccbae689277e9d1cc934ac30fcbbcf56"} [2025-12-10 10:19:35.259] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:35.259] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:35.259] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:35.259] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:35.259] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:35.259] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:35.334] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361975333, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726049011841159, "etime": 1726049011841159, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50375, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:35.334] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:35.334] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:35.334] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:38.292] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24584 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021937Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cd1a03d87777bfd62dfcf1adf94f97d07c09ccb7cda4a0b5be0cda4c5177337f"} [2025-12-10 10:19:38.292] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:38.292] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:38.292] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:38.292] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:19:38.292] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:38.293] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:38.382] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361978381, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726049011841159, "etime": 1726049011841159, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50375, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:38.382] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:38.382] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:38.382] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:19:41.476] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26252 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl?X-Amz-Signature=f747ac20742120270cb30c280275082ee3f7a1fbfd194a3c20611371dda98cd4&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021941Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:19:41.476] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:41.476] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:41.476] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:41.476] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:41.476] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:41.477] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:48.724] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl|result:{"code": 1, "total_count": 102, "abnormal_count": 100, "normal_count": 2, "alert_count": 100, "timestamp": 1765361988722, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726235874201516, "etime": 1726235874201516, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50813, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235966693034, "etime": 1726235966693034, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50931, "dest_port": 443, 
"protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235890781871, "etime": 1726235890781871, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50839, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235921670736, "etime": 1726235921670736, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50873, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235958970073, "etime": 1726235958970073, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50921, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235912341322, "etime": 1726235912341322, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50861, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235975974736, "etime": 1726235975974736, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235932606478, "etime": 1726235932606478, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50887, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235977503471, "etime": 1726235977503471, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50945, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235989796237, "etime": 1726235989796237, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50961, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235995879415, "etime": 1726235995879415, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50969, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235998953853, "etime": 1726235998953853, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50973, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, 
{"stime": 1726235888582422, "etime": 1726235888582422, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50835, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235994350428, "etime": 1726235994350428, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50967, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236011199634, "etime": 1726236011199634, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50989, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235916990454, "etime": 1726235916990454, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50867, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235910797642, "etime": 1726235910797642, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50859, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726235884853845, "etime": 1726235884853845, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50829, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235867305027, "etime": 1726235867305027, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50803, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235941919023, "etime": 1726235941919023, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50899, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235960514006, "etime": 1726235960514006, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235934165783, "etime": 1726235934165783, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50889, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235859582467, "etime": 
1726235859582467, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50793, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235924805606, "etime": 1726235924805606, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50877, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235887038609, "etime": 1726235887038609, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50833, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235870471337, "etime": 1726235870471337, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50807, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235908631401, "etime": 1726235908631401, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50855, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726235910189462, "etime": 1726235910189462, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50857, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235955896481, "etime": 1726235955896481, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50917, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235962043256, "etime": 1726235962043256, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235980591472, "etime": 1726235980591472, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50949, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236005068779, "etime": 1726236005068779, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50981, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235858007880, "etime": 1726235858007880, "src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.31", "src_port": 50791, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236008141172, "etime": 1726236008141172, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235923246863, "etime": 1726235923246863, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50875, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235983666532, "etime": 1726235983666532, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50953, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236003555060, "etime": 1726236003555060, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50979, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236006597256, "etime": 1726236006597256, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235992838163, "etime": 1726235992838163, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50965, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235913870463, "etime": 1726235913870463, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50863, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235880162137, "etime": 1726235880162137, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50823, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235949688657, "etime": 1726235949688657, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50909, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235940391066, "etime": 1726235940391066, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50897, 
"dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235927909737, "etime": 1726235927909737, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50881, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235920125577, "etime": 1726235920125577, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50871, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235864218446, "etime": 1726235864218446, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50799, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235872614970, "etime": 1726235872614970, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50811, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235931046403, "etime": 1726235931046403, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50885, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235937270777, "etime": 1726235937270777, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50893, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235971309543, "etime": 1726235971309543, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50937, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235946568413, "etime": 1726235946568413, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50905, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235929485614, "etime": 1726235929485614, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50883, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235889238177, "etime": 1726235889238177, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50837, "dest_port": 443, "protocol": "tls", "result": 
"Normal"}, {"stime": 1726235894521465, "etime": 1726235894521465, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50845, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726235954336651, "etime": 1726235954336651, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50915, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235871067648, "etime": 1726235871067648, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50809, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235979047855, "etime": 1726235979047855, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50947, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235965147340, "etime": 1726235965147340, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50929, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235986723235, "etime": 1726235986723235, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50957, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235879566623, "etime": 1726235879566623, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50821, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235951232829, "etime": 1726235951232829, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50911, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235865774949, "etime": 1726235865774949, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50801, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235877975336, "etime": 1726235877975336, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50819, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235892327287, "etime": 
1726235892327287, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50841, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235926350350, "etime": 1726235926350350, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50879, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235861126771, "etime": 1726235861126771, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50795, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235952762036, "etime": 1726235952762036, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50913, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235881703133, "etime": 1726235881703133, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50825, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235945007418, "etime": 1726235945007418, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50903, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235969765505, "etime": 1726235969765505, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50935, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235988267113, "etime": 1726235988267113, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50959, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235963587533, "etime": 1726235963587533, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50927, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235897662289, "etime": 1726235897662289, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235906104041, "etime": 1726235906104041, "src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.31", "src_port": 50851, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726235997423465, "etime": 1726235997423465, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50971, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236000465420, "etime": 1726236000465420, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50975, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235876395237, "etime": 1726235876395237, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50817, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726235896086429, "etime": 1726235896086429, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50847, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235885488258, "etime": 1726235885488258, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50831, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235968221158, "etime": 1726235968221158, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50933, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235893886897, "etime": 1726235893886897, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50843, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235985195068, "etime": 1726235985195068, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50955, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235972854212, "etime": 1726235972854212, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50939, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235875790502, "etime": 1726235875790502, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50815, 
"dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235991309156, "etime": 1726235991309156, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50963, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236009669728, "etime": 1726236009669728, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50987, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235797397833, "etime": 1726235797397833, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50789, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235974429382, "etime": 1726235974429382, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50941, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235915430816, "etime": 1726235915430816, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50865, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235957441431, "etime": 1726235957441431, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50919, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235935710760, "etime": 1726235935710760, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50891, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235918569714, "etime": 1726235918569714, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50869, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236011740360, "etime": 1726236011740360, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50991, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235948129165, "etime": 1726235948129165, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50907, "dest_port": 443, "protocol": "tls", "result": 
"CobaltStrike"}, {"stime": 1726235938830483, "etime": 1726235938830483, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50895, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235982105036, "etime": 1726235982105036, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50951, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235943463146, "etime": 1726235943463146, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50901, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235907645785, "etime": 1726235907645785, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50853, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235862640976, "etime": 1726235862640976, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50797, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236002010505, "etime": 1726236002010505, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50977, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235883279533, "etime": 1726235883279533, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50827, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726235868879637, "etime": 1726235868879637, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50805, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 100|max_alert: 1000 [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:19:48.724] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24585 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021944Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c0a946eff6062109c9cd451a4f8f53ab0aabe3c7bdad08e09102572c9fd734ca"} [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:48.724] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:48.797] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361988796, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051351888341, "etime": 1726051351888341, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50508, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
10:19:48.797] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:48.797] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24586 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl?X-Amz-Signature=b917acd640d4be53b8fc361e1b1a98dad5e71b47d13721ef9511a2141f37f164&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021947Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:48.797] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:48.870] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361988870, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 
1726050849570878, "etime": 1726050849570878, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50486, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:48.870] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:48.870] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:48.870] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:50.986] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25013 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021950Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=539ed0a7539f1ea81eb26a8fbdd9981d0750c2f407e9d2b5b9b88c952ac2d58d"} [2025-12-10 10:19:50.986] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:50.986] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:50.987] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:50.987] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:50.987] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:50.987] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:51.077] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361991077, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726050849570878, "etime": 1726050849570878, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50486, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:19:51.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:51.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:51.077] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:19:54.092] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24587 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl?X-Amz-Signature=cce3b24313a48def0a2d2eb3f8414a89c2f3448c8af8373c853a2c3f7d9a4dc6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021953Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:19:54.092] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:54.092] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:54.092] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:54.092] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:54.092] 
[INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:54.093] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:57.094] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl|result:{"code": 0, "total_count": 41, "abnormal_count": 0, "normal_count": 41, "alert_count": 0, "timestamp": 1765361997093, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727316562036856, "etime": 1727316562036856, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49760, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316648359336, "etime": 1727316648359336, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49788, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316631797382, "etime": 1727316631797382, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49769, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316638082803, "etime": 1727316638082803, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49776, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316649429822, "etime": 1727316649429822, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49789, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316646334501, "etime": 1727316646334501, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49786, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316630782049, "etime": 1727316630782049, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49768, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316645266544, "etime": 1727316645266544, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"src_port": 49784, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316641140785, "etime": 1727316641140785, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49779, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316639094540, "etime": 1727316639094540, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49777, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316640125738, "etime": 1727316640125738, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49778, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316634845093, "etime": 1727316634845093, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49772, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316647344617, "etime": 1727316647344617, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49787, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316653578928, "etime": 1727316653578928, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49794, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316655640831, "etime": 1727316655640831, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49796, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316657687891, "etime": 1727316657687891, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49798, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316656672377, "etime": 1727316656672377, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49797, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316622047189, "etime": 1727316622047189, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49761, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 
1727316657695161, "etime": 1727316657695161, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49799, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316627730191, "etime": 1727316627730191, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49765, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316625094448, "etime": 1727316625094448, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49764, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316642156930, "etime": 1727316642156930, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49780, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316646282833, "etime": 1727316646282833, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49785, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316651469019, "etime": 1727316651469019, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49791, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316637890993, "etime": 1727316637890993, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49775, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316654626798, "etime": 1727316654626798, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49795, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316652568952, "etime": 1727316652568952, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49793, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316628750203, "etime": 1727316628750203, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49766, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316643246571, "etime": 1727316643246571, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "src_port": 49782, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316636875095, "etime": 1727316636875095, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49774, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316652484289, "etime": 1727316652484289, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49792, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316623062822, "etime": 1727316623062822, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49762, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316644251618, "etime": 1727316644251618, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49783, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316562010366, "etime": 1727316562010366, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49759, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316632818260, "etime": 1727316632818260, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49770, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316633827951, "etime": 1727316633827951, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49771, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316629765789, "etime": 1727316629765789, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49767, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316624079522, "etime": 1727316624079522, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49763, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316635860300, "etime": 1727316635860300, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49773, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727316650441589, "etime": 1727316650441589, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49790, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727316643172299, "etime": 1727316643172299, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49781, "dest_port": 8990, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:19:57.094] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:19:57.244] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24588 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021956Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=31b3a4d84d4a88b99b024a927c76ba1f3e9d62607891474e9e72e05367382ac9"} [2025-12-10 10:19:57.244] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:19:57.244] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:19:57.244] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:19:57.244] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:19:57.244] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:19:57.245] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:19:57.322] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl|result:{"code": 1, 
"total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765361997321, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726642630518789, "etime": 1726642630518789, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49293, "dest_port": 50050, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 10:19:57.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:19:57.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:57.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:00.396] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24589 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl?X-Amz-Date=20251210T021959Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7ee8555b4b029300bcdc2a329155bb282d939c5c16e74348c2b35fb6ca3e75a3"} [2025-12-10 10:20:00.396] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:00.396] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:00.396] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:00.396] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:00.396] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:00.397] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:00.521] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362000521, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726642630518789, "etime": 1726642630518789, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49293, "dest_port": 50050, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 10:20:00.521] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:00.521] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:00.521] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:03.560] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26253 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5231f23c2ab0ee34a4b9bb1fb1b804fc811d7f9124508dec437c03ae74c49915&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022003Z"} [2025-12-10 10:20:03.560] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:03.560] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:03.560] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
10:20:03.560] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:03.560] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:03.561] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:03.690] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362003689, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046985257107, "etime": 1726046985257107, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50357, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:20:03.690] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:03.690] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:03.690] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:20:06.665] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25014 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3459db58e03b23327eb579b1ce8b00493ad80972922ddc00df6afe2a94829608&X-Amz-Date=20251210T022006Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:06.665] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:06.665] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:06.665] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:06.665] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:06.665] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:06.666] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:09.308] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl|result:{"code": 0, "total_count": 36, "abnormal_count": 0, "normal_count": 36, "alert_count": 0, "timestamp": 1765362009307, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727320395151749, "etime": 1727320395151749, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50725, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320388839900, "etime": 1727320388839900, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50718, "dest_port": 8100, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727320391093302, "etime": 1727320391093302, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50721, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320360198999, "etime": 1727320360198999, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50707, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727320389854994, "etime": 1727320389854994, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50719, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320378996063, "etime": 1727320378996063, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50709, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320385714614, "etime": 1727320385714614, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50714, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320318956108, "etime": 1727320318956108, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50702, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320403547601, "etime": 1727320403547601, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50737, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320405574410, "etime": 1727320405574410, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50739, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320384698949, "etime": 1727320384698949, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50713, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320400418155, "etime": 1727320400418155, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50733, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320397262949, "etime": 1727320397262949, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50729, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320386808437, "etime": 1727320386808437, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50716, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320397357279, "etime": 1727320397357279, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50730, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320407613571, "etime": 1727320407613571, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50742, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320406589620, "etime": 1727320406589620, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50740, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320401434062, "etime": 1727320401434062, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50734, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320382669602, "etime": 1727320382669602, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50711, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320407606332, "etime": 1727320407606332, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50741, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320387823796, "etime": 1727320387823796, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50717, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320394136569, "etime": 1727320394136569, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50724, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320403464981, "etime": 1727320403464981, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50736, "dest_port": 8100, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727320402448609, "etime": 1727320402448609, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50735, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320396230645, "etime": 1727320396230645, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50727, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320318978633, "etime": 1727320318978633, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50703, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320385802521, "etime": 1727320385802521, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50715, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320390871278, "etime": 1727320390871278, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50720, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320404558222, "etime": 1727320404558222, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50738, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320398371290, "etime": 1727320398371290, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50731, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320399404650, "etime": 1727320399404650, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50732, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320392105201, "etime": 1727320392105201, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50722, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320383683560, "etime": 1727320383683560, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50712, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320393121405, "etime": 1727320393121405, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50723, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320380011586, "etime": 1727320380011586, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50710, "dest_port": 8100, "protocol": "tls", "result": "Normal"}, {"stime": 1727320395215747, "etime": 1727320395215747, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50726, "dest_port": 8100, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:20:09.308] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:20:09.830] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24590 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=413fd52a88df19f248c6bbbc3ffab21a00d6c5a47c34b205f2628e20829254e2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022009Z"} [2025-12-10 10:20:09.830] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:09.830] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:09.830] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:09.830] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:09.830] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:09.831] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
10:20:09.906] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362009906, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046985257107, "etime": 1726046985257107, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50357, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:20:09.906] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:09.906] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:09.906] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:13.002] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25015 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022012Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0a4466afb813bed529d7729ab0e700f0a1ec967920525f4f4890b695fa334c4b&X-Amz-Expires=604800"} [2025-12-10 10:20:13.002] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:13.002] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:13.002] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:13.002] [INFO] [tid:127829042783936] (AiModule.cpp:20) get 
func load [2025-12-10 10:20:13.002] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:13.003] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:13.124] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362013123, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051299282633, "etime": 1726051299282633, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50506, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:20:13.124] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:13.124] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:13.124] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:20:16.171] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26254 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=39460e88388643ffddfc6403daadc4f924d1b59fb40f68dba5a4ac8982408cb1&X-Amz-Date=20251210T022015Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:20:16.171] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:16.171] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:16.172] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:16.172] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:16.172] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:16.173] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:16.301] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362016300, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051299282633, "etime": 1726051299282633, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50506, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 
10:20:16.301] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:16.301] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:16.301] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:19.276] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25016 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl?X-Amz-Signature=65098d0fb034a07c69930b1c2d2173d1a6ee1b65a862545329902407ddc4e033&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022018Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:20:19.277] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:19.277] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:19.277] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:19.277] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:19.277] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:19.278] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:23.342] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl|result:{"code": 0, "total_count": 55, "abnormal_count": 0, "normal_count": 55, "alert_count": 0, "timestamp": 1765362023341, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726065272083500, "etime": 1726065272083500, "src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "src_port": 53838, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065296521920, "etime": 1726065296521920, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53862, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065260901617, "etime": 1726065260901617, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53827, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065304660192, "etime": 1726065304660192, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53871, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065265988430, "etime": 1726065265988430, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53832, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065284305599, "etime": 1726065284305599, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53850, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065269031627, "etime": 1726065269031627, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53835, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065273107644, "etime": 1726065273107644, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53839, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065276157852, "etime": 1726065276157852, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53842, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065277171185, "etime": 1726065277171185, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53843, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065279202818, "etime": 1726065279202818, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53845, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 
1726065194520238, "etime": 1726065194520238, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53818, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065295498961, "etime": 1726065295498961, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53861, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065281240841, "etime": 1726065281240841, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53847, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065275149446, "etime": 1726065275149446, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53841, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065288376057, "etime": 1726065288376057, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53854, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065254579246, "etime": 1726065254579246, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53820, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065305673584, "etime": 1726065305673584, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53873, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065298553973, "etime": 1726065298553973, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53864, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065305666461, "etime": 1726065305666461, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53872, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065261923943, "etime": 1726065261923943, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53828, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065274128514, "etime": 1726065274128514, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53840, 
"dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065258869589, "etime": 1726065258869589, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53825, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065256831956, "etime": 1726065256831956, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53823, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065282270844, "etime": 1726065282270844, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53848, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065268013363, "etime": 1726065268013363, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53834, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065285318146, "etime": 1726065285318146, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53851, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065262933143, "etime": 1726065262933143, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53829, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065270037246, "etime": 1726065270037246, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53836, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065286325937, "etime": 1726065286325937, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53852, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065287342844, "etime": 1726065287342844, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53853, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065289389639, "etime": 1726065289389639, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53855, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065299580214, "etime": 1726065299580214, 
"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53865, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065257847231, "etime": 1726065257847231, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53824, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065267001837, "etime": 1726065267001837, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53833, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065271058517, "etime": 1726065271058517, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53837, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065255814109, "etime": 1726065255814109, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53822, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065264976250, "etime": 1726065264976250, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53831, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065263952119, "etime": 1726065263952119, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53830, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065294478391, "etime": 1726065294478391, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53860, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065297532887, "etime": 1726065297532887, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53863, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065290406340, "etime": 1726065290406340, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53856, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065300606292, "etime": 1726065300606292, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53866, "dest_port": 8888, "protocol": "tls", 
"result": "Normal"}, {"stime": 1726065301628366, "etime": 1726065301628366, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53867, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065302640063, "etime": 1726065302640063, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53868, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065283282094, "etime": 1726065283282094, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53849, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065303649767, "etime": 1726065303649767, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53870, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065259886211, "etime": 1726065259886211, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53826, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065278184945, "etime": 1726065278184945, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53844, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065194556670, "etime": 1726065194556670, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53819, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065280222348, "etime": 1726065280222348, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53846, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065254795559, "etime": 1726065254795559, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53821, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065291418479, "etime": 1726065291418479, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53857, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065293463595, "etime": 1726065293463595, "src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "src_port": 53859, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726065292440515, "etime": 1726065292440515, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53858, "dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:20:23.342] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:20:23.342] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25017 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl?X-Amz-Signature=27bc9c6e75b89c0214d08b7f054a7c424ca56eb0a10ea59dd704c5139e11fb8b&X-Amz-Date=20251210T022021Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:20:23.342] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:23.342] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:23.342] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:23.342] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:23.342] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:23.342] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:23.415] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362023414, 
"module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726642261482174, "etime": 1726642261482174, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49292, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:20:23.415] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:23.415] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:23.415] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:25.580] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24591 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=4ddd93ad8b7a00bf41420c47c31cc2409ed7044b971d35c760fcd966a49d0157&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022025Z"} [2025-12-10 10:20:25.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:25.580] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:25.580] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:25.580] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:25.580] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:25.580] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:25.681] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362025680, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726642261482174, "etime": 1726642261482174, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49292, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:20:25.681] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:25.681] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:25.681] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:28.703] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26255 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl?X-Amz-Date=20251210T022028Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a5ab4560f4fe7c5986c89e9b6bc2ca288fa2f0666156c4cbb4bb72229e0da053&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:28.703] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:28.703] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:28.703] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:28.703] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:28.703] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:28.704] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:30.170] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765362030169, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727156127612101, "etime": 1727156127612101, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50252, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156137022493, "etime": 1727156137022493, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50262, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156134599322, "etime": 1727156134599322, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50259, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156059634288, "etime": 1727156059634288, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50244, "dest_port": 5443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727156124162922, "etime": 1727156124162922, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50249, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156132134805, "etime": 1727156132134805, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50256, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156135738129, "etime": 1727156135738129, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50260, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156136892091, "etime": 1727156136892091, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50261, "dest_port": 5443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727156125303173, "etime": 1727156125303173, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50250, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156133258108, "etime": 1727156133258108, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50257, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156128734031, "etime": 1727156128734031, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50253, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156123024635, "etime": 1727156123024635, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50248, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156130996100, "etime": 1727156130996100, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50255, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156119952295, "etime": 1727156119952295, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50246, "dest_port": 5443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727156126441214, "etime": 1727156126441214, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50251, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156133435745, "etime": 1727156133435745, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50258, "dest_port": 5443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727156129857505, "etime": 1727156129857505, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50254, "dest_port": 5443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156056987959, "etime": 1727156056987959, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50243, "dest_port": 8001, "protocol": "tls", "result": "Normal"}, {"stime": 1727156121888245, "etime": 1727156121888245, "src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50247, "dest_port": 5443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:20:30.170] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-10 10:20:30.170] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:30.170] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:31.807] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26256 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022031Z&X-Amz-Signature=cb3d56ef392a0ebb892ad377c6f40ef832e0fb04a36ab0be5943791b20bd9769&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:31.807] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:31.807] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:31.808] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:31.808] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:31.808] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:31.809] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:34.954] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl|result:{"code": 0, "total_count": 44, "abnormal_count": 0, "normal_count": 44, "alert_count": 0, "timestamp": 1765362034953, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726065730918340, "etime": 1726065730918340, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53957, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065821045239, "etime": 1726065821045239, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53985, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065805773312, "etime": 1726065805773312, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53970, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065830219043, "etime": 1726065830219043, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53994, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065813911541, "etime": 1726065813911541, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53978, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065811883666, "etime": 1726065811883666, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53976, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065799664085, "etime": 1726065799664085, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53964, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065834297214, "etime": 1726065834297214, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53999, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065819005102, "etime": 1726065819005102, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53983, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065801704997, "etime": 1726065801704997, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53966, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065800685226, "etime": 1726065800685226, 
"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53965, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065806797146, "etime": 1726065806797146, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53971, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065828193461, "etime": 1726065828193461, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53992, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065794566336, "etime": 1726065794566336, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53959, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065827173662, "etime": 1726065827173662, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53991, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065823080807, "etime": 1726065823080807, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53987, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065810865566, "etime": 1726065810865566, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53975, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065797629774, "etime": 1726065797629774, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53962, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065730743722, "etime": 1726065730743722, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53956, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065812891502, "etime": 1726065812891502, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53977, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065831242699, "etime": 1726065831242699, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53995, "dest_port": 8889, "protocol": "tls", 
"result": "Normal"}, {"stime": 1726065816973050, "etime": 1726065816973050, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53981, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065807821600, "etime": 1726065807821600, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53972, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065798649949, "etime": 1726065798649949, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53963, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065826145628, "etime": 1726065826145628, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53990, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065817993102, "etime": 1726065817993102, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53982, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065803741138, "etime": 1726065803741138, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53968, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065820029829, "etime": 1726065820029829, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53984, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065832262726, "etime": 1726065832262726, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53996, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065802725003, "etime": 1726065802725003, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53967, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065822061619, "etime": 1726065822061619, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53986, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065804753802, "etime": 1726065804753802, "src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "src_port": 53969, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065795584081, "etime": 1726065795584081, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53960, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065809852243, "etime": 1726065809852243, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53974, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065834292248, "etime": 1726065834292248, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53998, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065824104622, "etime": 1726065824104622, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53988, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065833268487, "etime": 1726065833268487, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53997, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065829206041, "etime": 1726065829206041, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53993, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065790961159, "etime": 1726065790961159, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53958, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065808836633, "etime": 1726065808836633, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53973, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065796611106, "etime": 1726065796611106, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53961, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065814936100, "etime": 1726065814936100, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53979, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 
1726065825121880, "etime": 1726065825121880, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53989, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726065815956117, "etime": 1726065815956117, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53980, "dest_port": 8889, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:20:34.954] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:20:34.980] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24592 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022034Z&X-Amz-Expires=604800&X-Amz-Signature=6a10b99ec01b0547e665120a4f01d6b7f31ec3b20c54494f1ff77d7a81545ecd&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:34.980] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:34.980] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:34.980] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:34.980] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:34.980] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:34.981] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:35.061] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, 
"normal_count": 0, "alert_count": 1, "timestamp": 1765362035060, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051154666654, "etime": 1726051154666654, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50500, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:20:35.061] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:35.061] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:35.061] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:38.157] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24593 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl?X-Amz-Signature=f328f67db28133598a89fc51360fc2134796db90abcc5827db0ba0cc0e0d09d4&X-Amz-Date=20251210T022037Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:20:38.157] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:38.157] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:38.157] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:38.157] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:38.157] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:38.158] [INFO] [tid:127829042783936] (AiModule.cpp:39) load 
result:0 [2025-12-10 10:20:38.279] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362038279, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051154666654, "etime": 1726051154666654, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50500, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:20:38.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:38.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:38.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:41.322] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24594 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl?X-Amz-Date=20251210T022040Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6c2b4e302c996d15d4174605c216406c4aba3e7f4e9fe5ac47f154aed315bc70&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:41.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:41.322] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:41.322] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:41.322] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:20:41.322] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:41.323] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:41.455] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362041454, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052724050323, "etime": 1726052724050323, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50569, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:20:41.455] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:41.455] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:41.455] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:20:44.487] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26257 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl?X-Amz-Date=20251210T022043Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=cfac7e3d3b61756eeec793d760dfaa9ca64398880de1b7b1aed15efd8db29859"} [2025-12-10 10:20:44.488] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:44.488] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:44.488] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:44.488] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:44.488] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:44.489] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:44.624] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362044624, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052724050323, "etime": 1726052724050323, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50569, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} 
[2025-12-10 10:20:44.625] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:20:44.625] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:44.625] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:47.591] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25018 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl?X-Amz-Signature=817ffb828024d8828e11acc117c2cce6b25a1df9a1474a31c7ab466516702659&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022047Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:20:47.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:47.591] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:47.591] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:47.591] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:47.591] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:47.592] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:50.524] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl|result:{"code": 0, "total_count": 41, "abnormal_count": 0, "normal_count": 41, "alert_count": 0, "timestamp": 1765362050523, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726074150517091, "etime": 1726074150517091, "src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49591, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074175922810, "etime": 1726074175922810, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49617, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074142402421, "etime": 1726074142402421, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49583, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074153563183, "etime": 1726074153563183, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49594, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074171845892, "etime": 1726074171845892, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49612, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074172875888, "etime": 1726074172875888, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49614, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074163719610, "etime": 1726074163719610, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49604, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074176939029, "etime": 1726074176939029, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49618, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074144422308, "etime": 1726074144422308, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49585, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074082155130, "etime": 1726074082155130, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49581, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074162703616, "etime": 1726074162703616, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49603, "dest_port": 8888, "protocol": "tls", "result": 
"Normal"}, {"stime": 1726074166767116, "etime": 1726074166767116, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49607, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074170835585, "etime": 1726074170835585, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49611, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074173891902, "etime": 1726074173891902, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49615, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074142172731, "etime": 1726074142172731, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49582, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074168798531, "etime": 1726074168798531, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49609, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074146453882, "etime": 1726074146453882, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49587, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074151531498, "etime": 1726074151531498, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49592, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074158642690, "etime": 1726074158642690, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49599, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074145438308, "etime": 1726074145438308, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49586, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074082137058, "etime": 1726074082137058, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49580, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074152547332, "etime": 1726074152547332, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "src_port": 49593, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074154579159, "etime": 1726074154579159, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49595, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074156610196, "etime": 1726074156610196, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49597, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074143410035, "etime": 1726074143410035, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49584, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074147469804, "etime": 1726074147469804, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49588, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074148484950, "etime": 1726074148484950, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49589, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074159659040, "etime": 1726074159659040, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49600, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074160672832, "etime": 1726074160672832, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49601, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074161689515, "etime": 1726074161689515, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49602, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074164735826, "etime": 1726074164735826, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49605, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074165751651, "etime": 1726074165751651, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49606, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 
1726074169815228, "etime": 1726074169815228, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49610, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074174906738, "etime": 1726074174906738, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49616, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074177958121, "etime": 1726074177958121, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49620, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074167782642, "etime": 1726074167782642, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49608, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074177954055, "etime": 1726074177954055, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49619, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074149501176, "etime": 1726074149501176, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49590, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074155594754, "etime": 1726074155594754, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49596, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074157625778, "etime": 1726074157625778, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49598, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074171866877, "etime": 1726074171866877, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49613, "dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:20:50.525] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:20:50.714] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24595 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=14c905cbfaae0e37a246641cb96b3fc8c32cde85125d88d31091c1c7ecae46ca&X-Amz-Expires=604800&X-Amz-Date=20251210T022050Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:20:50.714] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:50.714] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:50.714] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:50.714] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:50.714] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:50.714] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:52.512] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765362052511, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727150463900235, "etime": 1727150463900235, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55499, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150474369887, "etime": 1727150474369887, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55507, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150484862079, "etime": 1727150484862079, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55522, "dest_port": 9443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727150478488965, "etime": 1727150478488965, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55511, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150481797922, "etime": 1727150481797922, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55519, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150470225434, "etime": 1727150470225434, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55502, "dest_port": 9443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727150475398113, "etime": 1727150475398113, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55508, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150479748462, "etime": 1727150479748462, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55513, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150471262053, "etime": 1727150471262053, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55503, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150487939917, "etime": 1727150487939917, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55526, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150487961259, "etime": 1727150487961259, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55527, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150483846853, "etime": 1727150483846853, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55521, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150466513344, "etime": 1727150466513344, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55501, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150403833467, "etime": 1727150403833467, "src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55492, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150486905801, "etime": 1727150486905801, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55524, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150472292490, "etime": 1727150472292490, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55504, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150480776531, "etime": 1727150480776531, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55516, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150479512431, "etime": 1727150479512431, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55512, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150476433537, "etime": 1727150476433537, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55509, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150465493920, "etime": 1727150465493920, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55500, "dest_port": 9443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727150482817467, "etime": 1727150482817467, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55520, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150401508852, "etime": 1727150401508852, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55491, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727150477465803, "etime": 1727150477465803, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55510, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727150485893393, "etime": 1727150485893393, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55523, "dest_port": 9443, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727150473327361, "etime": 1727150473327361, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55506, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:20:52.512] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:20:52.512] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:52.512] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:20:53.887] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26258 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl?X-Amz-Expires=604800&X-Amz-Signature=41a59d1fbe899b8b78e6827e53c625dc7a795fb84383b02e170132d2983e745e&X-Amz-Date=20251210T022053Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:20:53.887] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:53.887] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:53.887] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:53.887] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:53.887] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:53.888] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:20:54.962] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl|result:{"code": 1, "total_count": 15, 
"abnormal_count": 4, "normal_count": 11, "alert_count": 4, "timestamp": 1765362054961, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727226992416814, "etime": 1727226992416814, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49265, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727227008926660, "etime": 1727227008926660, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49272, "dest_port": 11111, "protocol": "tls", "result": "Behinder"}, {"stime": 1727227015566922, "etime": 1727227015566922, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49275, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727226995629899, "etime": 1727226995629899, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49266, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727227012357111, "etime": 1727227012357111, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49274, "dest_port": 11111, "protocol": "tls", "result": "Behinder"}, {"stime": 1727227002057605, "etime": 1727227002057605, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49268, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727226998843630, "etime": 1727226998843630, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49267, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727227012134877, "etime": 1727227012134877, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49273, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727227017540758, "etime": 1727227017540758, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49276, "dest_port": 11111, "protocol": "tls", "result": "Behinder"}, {"stime": 1727226932201466, "etime": 1727226932201466, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49264, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727227020761910, "etime": 1727227020761910, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49277, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727226931764415, "etime": 1727226931764415, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49263, "dest_port": 11111, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727227005494000, "etime": 1727227005494000, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49270, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727227008704060, "etime": 1727227008704060, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49271, "dest_port": 11111, "protocol": "tls", "result": "Normal"}, {"stime": 1727227005270598, "etime": 1727227005270598, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49269, "dest_port": 11111, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:20:54.962] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-10 10:20:54.962] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:54.962] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:20:57.060] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25019 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022056Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2fca1016e38b323692402c66f00977e20f709478904111998eb5c6001d928fd6&X-Amz-Expires=604800"} [2025-12-10 10:20:57.060] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:20:57.060] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:20:57.060] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:20:57.060] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:20:57.060] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:20:57.061] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:03.744] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl|result:{"code": 1, "total_count": 94, "abnormal_count": 92, "normal_count": 2, "alert_count": 92, "timestamp": 1765362063742, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726234666014132, "etime": 1726234666014132, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50468, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234787726209, "etime": 1726234787726209, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 
50585, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234741612569, "etime": 1726234741612569, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234773920826, "etime": 1726234773920826, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50576, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234694484750, "etime": 1726234694484750, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234798381041, "etime": 1726234798381041, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50592, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234710413579, "etime": 1726234710413579, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234747774093, "etime": 1726234747774093, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50559, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234733251565, "etime": 1726234733251565, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234734795046, "etime": 1726234734795046, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50550, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234743158354, "etime": 1726234743158354, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234750879202, "etime": 1726234750879202, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50561, "dest_port": 443, "protocol": "tls", 
"result": "CobaltStrike"}, {"stime": 1726234753936110, "etime": 1726234753936110, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50563, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234707277797, "etime": 1726234707277797, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50526, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234692955542, "etime": 1726234692955542, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234670663828, "etime": 1726234670663828, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234769319248, "etime": 1726234769319248, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50573, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234772392504, "etime": 1726234772392504, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50575, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234784685270, "etime": 1726234784685270, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50583, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234792312442, "etime": 1726234792312442, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50588, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234801438782, "etime": 1726234801438782, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50594, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234683064943, "etime": 1726234683064943, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 
1726234691396035, "etime": 1726234691396035, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234712681304, "etime": 1726234712681304, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50534, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726234664440193, "etime": 1726234664440193, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50466, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234689847536, "etime": 1726234689847536, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50500, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234781625915, "etime": 1726234781625915, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50581, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234706637304, "etime": 1726234706637304, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50524, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234701960049, "etime": 1726234701960049, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50518, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234667558503, "etime": 1726234667558503, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50470, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234729097645, "etime": 1726234729097645, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726234760051684, "etime": 1726234760051684, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50567, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234761595615, "etime": 1726234761595615, "src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50568, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234777040687, "etime": 1726234777040687, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50578, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234793826297, "etime": 1726234793826297, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234679945698, "etime": 1726234679945698, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50486, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234603829392, "etime": 1726234603829392, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50464, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234718071366, "etime": 1726234718071366, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50542, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726234731700637, "etime": 1726234731700637, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726234736948738, "etime": 1726234736948738, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234790785231, "etime": 1726234790785231, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234703517214, "etime": 1726234703517214, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50520, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234714250940, "etime": 1726234714250940, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", 
"src_port": 50536, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234775466190, "etime": 1726234775466190, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234678401384, "etime": 1726234678401384, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50484, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234672224092, "etime": 1726234672224092, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50476, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234689259396, "etime": 1726234689259396, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234695074657, "etime": 1726234695074657, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726234746230388, "etime": 1726234746230388, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50558, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234730660784, "etime": 1726234730660784, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234735427478, "etime": 1726234735427478, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726234681506044, "etime": 1726234681506044, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50488, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234789254757, "etime": 1726234789254757, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50586, "dest_port": 443, "protocol": "tls", 
"result": "CobaltStrike"}, {"stime": 1726234795370312, "etime": 1726234795370312, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50590, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234708836761, "etime": 1726234708836761, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50528, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234673768369, "etime": 1726234673768369, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234766229836, "etime": 1726234766229836, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50571, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234705077111, "etime": 1726234705077111, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50522, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234799910912, "etime": 1726234799910912, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50593, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234802952180, "etime": 1726234802952180, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50595, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234696605961, "etime": 1726234696605961, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50510, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234669103048, "etime": 1726234669103048, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50472, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234770846962, "etime": 1726234770846962, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50574, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 
1726234749334369, "etime": 1726234749334369, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234675311963, "etime": 1726234675311963, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234698165887, "etime": 1726234698165887, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50512, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234755464727, "etime": 1726234755464727, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50564, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234719617275, "etime": 1726234719617275, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50543, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234758539721, "etime": 1726234758539721, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50566, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234764699949, "etime": 1726234764699949, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50570, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234740020996, "etime": 1726234740020996, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234686169584, "etime": 1726234686169584, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234687714058, "etime": 1726234687714058, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234712002866, "etime": 1726234712002866, 
"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50532, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234757009506, "etime": 1726234757009506, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50565, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234684609926, "etime": 1726234684609926, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50492, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234699774836, "etime": 1726234699774836, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50514, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234752408263, "etime": 1726234752408263, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50562, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234700393478, "etime": 1726234700393478, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50516, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234717385744, "etime": 1726234717385744, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50540, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234722720592, "etime": 1726234722720592, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234738476510, "etime": 1726234738476510, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234767773486, "etime": 1726234767773486, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50572, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234778553956, "etime": 1726234778553956, "src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "src_port": 50579, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234780082042, "etime": 1726234780082042, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50580, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234783170770, "etime": 1726234783170770, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50582, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234803486357, "etime": 1726234803486357, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234676856850, "etime": 1726234676856850, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50482, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234796869126, "etime": 1726234796869126, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234744686557, "etime": 1726234744686557, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234763155493, "etime": 1726234763155493, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50569, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234721176779, "etime": 1726234721176779, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50544, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234786229891, "etime": 1726234786229891, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50584, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726234715825267, "etime": 1726234715825267, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50538, "dest_port": 
443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 92|max_alert: 1000 [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:03.744] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26259 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022059Z&X-Amz-SignedHeaders=host&X-Amz-Signature=c1fc749a9d26edf79f76b76600228e70cc7761a553ec7b3b98e3d30903b6e80e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:03.744] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:03.745] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:03.820] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362063819, "module": "anquanchu", 
"proto": "tls", "alerted": true, "details": [{"stime": 1726640423661236, "etime": 1726640423661236, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49277, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:03.820] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24596 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=764bdc20ccf03efbc6cc663a492b03e8f981701dd31f52c599855a1fd160b0ba&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022102Z"} [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:03.820] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:03.894] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362063893, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640423661236, "etime": 1726640423661236, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49277, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:21:03.894] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:03.894] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:03.894] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:06.463] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24597 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022106Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=496a74ed695c330d6b518829b2d1e279cb9a280d6dd6079705e8ae255cf41927&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:06.463] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:06.463] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:06.463] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:06.463] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:06.463] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:06.464] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:08.541] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl|result:{"code": 0, "total_count": 29, "abnormal_count": 0, "normal_count": 29, "alert_count": 0, "timestamp": 1765362068540, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726132987270097, "etime": 1726132987270097, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49219, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132998455015, "etime": 1726132998455015, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49233, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132988283829, "etime": 1726132988283829, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49220, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133001497086, "etime": 1726133001497086, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49236, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132996428264, "etime": 1726132996428264, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49231, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132985241867, "etime": 1726132985241867, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49217, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132924206239, "etime": 1726132924206239, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49214, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133006566955, "etime": 1726133006566955, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", 
"src_port": 49241, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132990327240, "etime": 1726132990327240, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49223, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132995397246, "etime": 1726132995397246, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49229, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132993369587, "etime": 1726132993369587, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49227, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133002519299, "etime": 1726133002519299, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49237, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133005553873, "etime": 1726133005553873, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49240, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132992355510, "etime": 1726132992355510, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49225, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133004539124, "etime": 1726133004539124, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49239, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132997440897, "etime": 1726132997440897, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49232, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133000483369, "etime": 1726133000483369, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49235, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132924216298, "etime": 1726132924216298, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49215, "dest_port": 13392, "protocol": "tls", "result": 
"Normal"}, {"stime": 1726132999469007, "etime": 1726132999469007, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49234, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132991341501, "etime": 1726132991341501, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49224, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132994383642, "etime": 1726132994383642, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49228, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133007581307, "etime": 1726133007581307, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49242, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132988299223, "etime": 1726132988299223, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49221, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132992366225, "etime": 1726132992366225, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49226, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132996412007, "etime": 1726132996412007, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49230, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132989313496, "etime": 1726132989313496, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49222, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132986255890, "etime": 1726132986255890, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49218, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726132984228515, "etime": 1726132984228515, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49216, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1726133003525731, "etime": 1726133003525731, 
"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49238, "dest_port": 13392, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:08.541] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:09.568] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26260 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl?X-Amz-Signature=f8f3d3ba726148e9712b12a129043bee988cf3d2dea91dbba0a042e043025012&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022109Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:21:09.568] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:09.568] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:09.568] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:09.568] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:09.568] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:09.569] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:11.416] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl|result:{"code": 0, "total_count": 26, "abnormal_count": 0, "normal_count": 26, "alert_count": 0, "timestamp": 1765362071415, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727161160072656, "etime": 1727161160072656, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", 
"src_port": 49250, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161273748150, "etime": 1727161273748150, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49272, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161247337092, "etime": 1727161247337092, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49263, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161250348473, "etime": 1727161250348473, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49264, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161226158735, "etime": 1727161226158735, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49254, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161276774827, "etime": 1727161276774827, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49273, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161235231437, "etime": 1727161235231437, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49259, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161279801382, "etime": 1727161279801382, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49274, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161265433458, "etime": 1727161265433458, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49269, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161232189582, "etime": 1727161232189582, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49257, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161226136513, "etime": 1727161226136513, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49253, "dest_port": 13392, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727161160063144, "etime": 1727161160063144, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49249, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161268459758, "etime": 1727161268459758, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49270, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161232223079, "etime": 1727161232223079, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49258, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161253374415, "etime": 1727161253374415, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49265, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161223110256, "etime": 1727161223110256, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49252, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161262422452, "etime": 1727161262422452, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49268, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161238257762, "etime": 1727161238257762, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49260, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161229162944, "etime": 1727161229162944, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49255, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161229174778, "etime": 1727161229174778, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49256, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161241283856, "etime": 1727161241283856, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49261, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161256400758, "etime": 1727161256400758, 
"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49266, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161259411930, "etime": 1727161259411930, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49267, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161220099681, "etime": 1727161220099681, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49251, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161270732186, "etime": 1727161270732186, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49271, "dest_port": 13392, "protocol": "tls", "result": "Normal"}, {"stime": 1727161244310508, "etime": 1727161244310508, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49262, "dest_port": 13392, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:11.416] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:12.595] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25020 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022112Z&X-Amz-Signature=6e9853e663e0e5242c75aee52115506f12c59e19f268f27b5081814b7f0a3c8f&X-Amz-Expires=604800"} [2025-12-10 10:21:12.596] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:12.596] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:12.596] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 10:21:12.596] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:12.596] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:12.596] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:14.161] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl|result:{"code": 0, "total_count": 22, "abnormal_count": 0, "normal_count": 22, "alert_count": 0, "timestamp": 1765362074160, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726074594413354, "etime": 1726074594413354, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49659, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074601534746, "etime": 1726074601534746, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49667, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074602807087, "etime": 1726074602807087, "src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "src_port": 49671, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726074603260483, "etime": 1726074603260483, "src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "src_port": 49674, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726074597457082, "etime": 1726074597457082, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49662, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074592378595, "etime": 1726074592378595, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49657, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074596441368, "etime": 1726074596441368, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49661, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 
1726074602803445, "etime": 1726074602803445, "src_ip": "192.168.32.43", "dest_ip": "23.6.178.36", "src_port": 49670, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726074595425820, "etime": 1726074595425820, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49660, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074598488445, "etime": 1726074598488445, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49664, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074602807087, "etime": 1726074602807087, "src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "src_port": 49672, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726074591361695, "etime": 1726074591361695, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49656, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074602554526, "etime": 1726074602554526, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49669, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074602550302, "etime": 1726074602550302, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49668, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074602811108, "etime": 1726074602811108, "src_ip": "192.168.32.43", "dest_ip": "184.28.50.138", "src_port": 49673, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726074600519331, "etime": 1726074600519331, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49666, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074590035262, "etime": 1726074590035262, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49655, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074530010204, "etime": 1726074530010204, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49653, 
"dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074598472030, "etime": 1726074598472030, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49663, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074593394518, "etime": 1726074593394518, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49658, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074599503266, "etime": 1726074599503266, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49665, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726074530028336, "etime": 1726074530028336, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49654, "dest_port": 8081, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:14.161] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:15.698] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24598 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022115Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a4eac0c002dfd7f1ec06ecf292ff0e1594160f1dbdde2f23da39fcffc0de3595"} [2025-12-10 10:21:15.698] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:15.698] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:15.698] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:15.698] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:15.698] 
[INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:15.699] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:17.381] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl|result:{"code": 0, "total_count": 24, "abnormal_count": 0, "normal_count": 24, "alert_count": 0, "timestamp": 1765362077380, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726074994789372, "etime": 1726074994789372, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49721, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074996821694, "etime": 1726074996821694, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49723, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074999886240, "etime": 1726074999886240, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49727, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075000902139, "etime": 1726075000902139, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49728, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075007006070, "etime": 1726075007006070, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49735, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075006993095, "etime": 1726075006993095, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49734, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075009023492, "etime": 1726075009023492, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49737, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074931446537, "etime": 1726074931446537, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49716, "dest_port": 8888, 
"protocol": "tls", "result": "Normal"}, {"stime": 1726075010039588, "etime": 1726075010039588, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49738, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075004962411, "etime": 1726075004962411, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49732, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074931466328, "etime": 1726074931466328, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49717, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074992756879, "etime": 1726074992756879, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49719, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074995806040, "etime": 1726074995806040, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49722, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074998852342, "etime": 1726074998852342, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49725, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074993774984, "etime": 1726074993774984, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49720, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075002931265, "etime": 1726075002931265, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49730, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075003946857, "etime": 1726075003946857, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49731, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074991477823, "etime": 1726074991477823, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49718, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074997836652, "etime": 1726074997836652, "src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49724, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075001916123, "etime": 1726075001916123, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49729, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075005978237, "etime": 1726075005978237, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49733, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075008007918, "etime": 1726075008007918, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49736, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075010045297, "etime": 1726075010045297, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49739, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726074999868756, "etime": 1726074999868756, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49726, "dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:17.381] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:18.869] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25021 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=33d9eff0ad9d67fca229f8db1c115ff2402582a6ea62055ce217765de097a75e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022118Z"} [2025-12-10 10:21:18.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 
[2025-12-10 10:21:18.869] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:18.870] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:25.232] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl|result:{"code": 1, "total_count": 90, "abnormal_count": 88, "normal_count": 2, "alert_count": 88, "timestamp": 1765362085230, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726230549453891, "etime": 1726230549453891, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49465, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230625357647, "etime": 1726230625357647, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49514, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230647907022, "etime": 1726230647907022, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49529, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230592333451, "etime": 1726230592333451, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49492, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230539238841, "etime": 1726230539238841, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49457, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230556068417, "etime": 1726230556068417, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49470, "dest_port": 443, "protocol": 
"tls", "result": "CobaltStrike"}, {"stime": 1726230605784393, "etime": 1726230605784393, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49501, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230608796980, "etime": 1726230608796980, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49503, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230637422241, "etime": 1726230637422241, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49522, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230532621944, "etime": 1726230532621944, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49452, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230570207816, "etime": 1726230570207816, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49480, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230521407574, "etime": 1726230521407574, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49443, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230552466435, "etime": 1726230552466435, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49467, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230553030628, "etime": 1726230553030628, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49468, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726230522964235, "etime": 1726230522964235, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49445, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230542819332, "etime": 1726230542819332, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49460, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 
1726230581794997, "etime": 1726230581794997, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49485, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230593829265, "etime": 1726230593829265, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49493, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230595323428, "etime": 1726230595323428, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49494, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230540749122, "etime": 1726230540749122, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49458, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230641921329, "etime": 1726230641921329, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49525, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230631382591, "etime": 1726230631382591, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49518, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230586303290, "etime": 1726230586303290, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49488, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230580279440, "etime": 1726230580279440, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49484, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230557578949, "etime": 1726230557578949, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49471, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230650902254, "etime": 1726230650902254, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49531, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230547942131, "etime": 1726230547942131, 
"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49464, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230619342422, "etime": 1726230619342422, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49510, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230620853445, "etime": 1726230620853445, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49511, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230545859274, "etime": 1726230545859274, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49462, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230560601830, "etime": 1726230560601830, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49473, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230626850794, "etime": 1726230626850794, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49515, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230632892206, "etime": 1726230632892206, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49519, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230567203307, "etime": 1726230567203307, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49478, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230536203465, "etime": 1726230536203465, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49455, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230544325221, "etime": 1726230544325221, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49461, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230562114265, "etime": 1726230562114265, "src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.39", "src_port": 49474, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230533171308, "etime": 1726230533171308, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49453, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726230587831258, "etime": 1726230587831258, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49489, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230617844511, "etime": 1726230617844511, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49509, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230528043734, "etime": 1726230528043734, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49449, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230537730037, "etime": 1726230537730037, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49456, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230562695696, "etime": 1726230562695696, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49475, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726230571702038, "etime": 1726230571702038, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49481, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230602811715, "etime": 1726230602811715, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49499, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230564213798, "etime": 1726230564213798, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49476, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230583292541, "etime": 1726230583292541, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49486, "dest_port": 443, 
"protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230613334406, "etime": 1726230613334406, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49506, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230601317374, "etime": 1726230601317374, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49498, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230640432405, "etime": 1726230640432405, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49524, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230646408257, "etime": 1726230646408257, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49528, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230599823359, "etime": 1726230599823359, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49497, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230651417512, "etime": 1726230651417512, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49532, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230649404634, "etime": 1726230649404634, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49530, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230635927586, "etime": 1726230635927586, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49521, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230614832861, "etime": 1726230614832861, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49507, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230628361637, "etime": 1726230628361637, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49516, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, 
{"stime": 1726230524462198, "etime": 1726230524462198, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49446, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230634402604, "etime": 1726230634402604, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49520, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230590837683, "etime": 1726230590837683, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49491, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230623860933, "etime": 1726230623860933, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49513, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230541298650, "etime": 1726230541298650, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49459, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230611817510, "etime": 1726230611817510, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49505, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230616332353, "etime": 1726230616332353, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49508, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230550968589, "etime": 1726230550968589, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49466, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230534677436, "etime": 1726230534677436, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49454, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230526533269, "etime": 1726230526533269, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230554556101, "etime": 
1726230554556101, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49469, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230578791889, "etime": 1726230578791889, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49483, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726230610315805, "etime": 1726230610315805, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49504, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230622365574, "etime": 1726230622365574, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49512, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230643410444, "etime": 1726230643410444, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49526, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230573229975, "etime": 1726230573229975, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49482, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230638925712, "etime": 1726230638925712, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49523, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230644908074, "etime": 1726230644908074, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49527, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230525026913, "etime": 1726230525026913, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49447, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230589328470, "etime": 1726230589328470, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49490, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230460830342, "etime": 1726230460830342, "src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "src_port": 49441, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230607290213, "etime": 1726230607290213, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230529570120, "etime": 1726230529570120, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49450, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230604290931, "etime": 1726230604290931, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49500, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230568699934, "etime": 1726230568699934, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49479, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230629872703, "etime": 1726230629872703, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49517, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230531096985, "etime": 1726230531096985, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49451, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230559105820, "etime": 1726230559105820, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49472, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230598328415, "etime": 1726230598328415, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230565693309, "etime": 1726230565693309, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49477, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230547376012, "etime": 1726230547376012, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49463, 
"dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230584790827, "etime": 1726230584790827, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49487, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726230596818129, "etime": 1726230596818129, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49495, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 88|max_alert: 1000 [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:25.232] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25022 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022121Z&X-Amz-SignedHeaders=host&X-Amz-Signature=387286a92d7c00c02493b1d25274d4bece932ca4f00fa7bb91e26cedc7990d23"} [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:25.232] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:25.233] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:21:26.780] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl|result:{"code": 0, "total_count": 22, "abnormal_count": 0, "normal_count": 22, "alert_count": 0, "timestamp": 1765362086779, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727226817352589, "etime": 1727226817352589, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49222, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226754328447, "etime": 1727226754328447, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49219, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226829426222, "etime": 1727226829426222, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49228, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226835449127, "etime": 1727226835449127, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49230, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226829411973, "etime": 1727226829411973, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49227, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226835471663, "etime": 1727226835471663, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49231, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226844496737, "etime": 1727226844496737, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49234, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226852218801, "etime": 1727226852218801, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49237, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226826405797, "etime": 
1727226826405797, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49226, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226814342336, "etime": 1727226814342336, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49221, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226832438323, "etime": 1727226832438323, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49229, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226838475343, "etime": 1727226838475343, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49232, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226823374370, "etime": 1727226823374370, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49224, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226849207832, "etime": 1727226849207832, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49236, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226858240684, "etime": 1727226858240684, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49239, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226754336400, "etime": 1727226754336400, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49220, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226820363883, "etime": 1727226820363883, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49223, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226826385119, "etime": 1727226826385119, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49225, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226861251332, "etime": 1727226861251332, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49240, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226841485910, "etime": 1727226841485910, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49233, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226855229491, "etime": 1727226855229491, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49238, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727226846201502, "etime": 1727226846201502, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49235, "dest_port": 11112, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:26.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:26.780] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26261 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e222dd1c3f6c864066845265c14ceff68ebe9d98a746823e497dd87b7219c25e&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022124Z&X-Amz-Expires=604800"} [2025-12-10 10:21:26.780] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:26.780] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:26.780] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:26.780] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:26.780] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:26.780] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:28.439] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl|result:{"code": 0, "total_count": 23, "abnormal_count": 0, "normal_count": 23, "alert_count": 0, "timestamp": 1765362088439, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727160893068090, "etime": 1727160893068090, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49212, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160913551129, "etime": 1727160913551129, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49220, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160805722002, "etime": 1727160805722002, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49199, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160877858241, "etime": 1727160877858241, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49204, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160874831680, "etime": 1727160874831680, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49203, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160901435484, "etime": 1727160901435484, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49215, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160880922833, "etime": 1727160880922833, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49206, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160910525725, "etime": 1727160910525725, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49219, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 
1727160805692594, "etime": 1727160805692594, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49198, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160890010866, "etime": 1727160890010866, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49210, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160865752778, "etime": 1727160865752778, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49200, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160883968343, "etime": 1727160883968343, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49208, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160886983831, "etime": 1727160886983831, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49209, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160880884164, "etime": 1727160880884164, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49205, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160890047715, "etime": 1727160890047715, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49211, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160868779260, "etime": 1727160868779260, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49201, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160907483036, "etime": 1727160907483036, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49217, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160883942369, "etime": 1727160883942369, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49207, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160907510262, "etime": 1727160907510262, "src_ip": 
"192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49218, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160896095727, "etime": 1727160896095727, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49213, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160899121280, "etime": 1727160899121280, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49214, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160904456537, "etime": 1727160904456537, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49216, "dest_port": 11112, "protocol": "tls", "result": "Normal"}, {"stime": 1727160871805128, "etime": 1727160871805128, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "src_port": 49202, "dest_port": 11112, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:28.440] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:28.440] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24599 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=ddbcb64d96bab5af559b5fd10d7f260269a8f73904e20992cf23fac311bf4a41&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022127Z&X-Amz-Expires=604800"} [2025-12-10 10:21:28.440] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:28.440] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:28.440] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 10:21:28.440] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:28.440] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:28.440] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:30.088] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl|result:{"code": 0, "total_count": 23, "abnormal_count": 0, "normal_count": 23, "alert_count": 0, "timestamp": 1765362090087, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726072613325481, "etime": 1726072613325481, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49449, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072616637774, "etime": 1726072616637774, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49453, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072618668674, "etime": 1726072618668674, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49455, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072570012538, "etime": 1726072570012538, "src_ip": "192.168.32.43", "dest_ip": "150.171.28.10", "src_port": 49241, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726072626808982, "etime": 1726072626808982, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49464, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072629860273, "etime": 1726072629860273, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49468, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072622731315, "etime": 1726072622731315, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49459, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072623747555, "etime": 
1726072623747555, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49460, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072620703132, "etime": 1726072620703132, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49457, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072624776208, "etime": 1726072624776208, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49462, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072625793355, "etime": 1726072625793355, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49463, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072629856189, "etime": 1726072629856189, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49467, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072553291757, "etime": 1726072553291757, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49447, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072614588150, "etime": 1726072614588150, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49450, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072553311163, "etime": 1726072553311163, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49448, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072617653486, "etime": 1726072617653486, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49454, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072624762714, "etime": 1726072624762714, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49461, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072619684359, "etime": 1726072619684359, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49456, "dest_port": 8888, 
"protocol": "tls", "result": "Normal"}, {"stime": 1726072621715085, "etime": 1726072621715085, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49458, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072627824306, "etime": 1726072627824306, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49465, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072615606520, "etime": 1726072615606520, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49451, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072615624621, "etime": 1726072615624621, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49452, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726072628840857, "etime": 1726072628840857, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49466, "dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:30.088] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:31.362] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26262 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022130Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b204576d43f16206e42660c63adfad67fd840da6361c1e3e57558200725134da"} [2025-12-10 10:21:31.363] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:31.363] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 
10:21:31.363] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:31.363] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:31.363] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:31.363] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:31.452] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362091452, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052256792827, "etime": 1726052256792827, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50549, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:21:31.452] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:31.452] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:31.452] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:21:34.525] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26263 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=95bacc6bb299d6e0f507ea6b21a05ce27938772a6d474e357d9aaba89add2b27&X-Amz-Date=20251210T022134Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:21:34.525] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:34.525] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:34.525] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:34.525] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:34.525] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:34.526] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:34.655] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362094655, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641744727682, "etime": 1726641744727682, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49290, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:21:34.655] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 
10:21:34.655] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:34.655] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:37.673] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25023 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=0bb89b9d6ff6343a075da450e54d866f05fdff93ac176dc40aacf1c1d95c7b6e&X-Amz-Date=20251210T022137Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:37.673] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:37.673] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:37.673] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:37.673] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:37.673] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:37.674] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:37.803] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362097802, "module": "anquanchu", "proto": "tls", "alerted": 
true, "details": [{"stime": 1726641744727682, "etime": 1726641744727682, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49290, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:21:37.803] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:37.803] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:37.803] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:40.816] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24600 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=99d7b1356ca14099f24dba107645541f5060fd1fed4250e94b4e18b3f8a85f48&X-Amz-Date=20251210T022140Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:21:40.817] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:40.817] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:40.817] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:40.817] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:40.817] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:40.818] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:40.946] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362100945, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052256792827, "etime": 1726052256792827, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50549, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:21:40.946] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:40.946] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:40.946] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:43.985] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25024 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl?X-Amz-Date=20251210T022143Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a4dac12efd104f2f1b20587d579e0e1b9be8a174d08910a9803eff1239f51e13"} [2025-12-10 10:21:43.985] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:43.985] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:43.986] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:43.986] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:43.986] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:43.987] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:50.442] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl|result:{"code": 1, "total_count": 90, "abnormal_count": 88, "normal_count": 2, "alert_count": 88, "timestamp": 1765362110440, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726236659682771, "etime": 1726236659682771, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51376, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236671102190, "etime": 1726236671102190, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51392, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236689837074, "etime": 1726236689837074, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51416, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236696029953, "etime": 1726236696029953, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51423, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236716029144, "etime": 1726236716029144, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51436, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236646405838, "etime": 1726236646405838, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51364, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236722145004, "etime": 1726236722145004, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51440, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236697543006, "etime": 1726236697543006, "src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "src_port": 51424, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236552591584, "etime": 1726236552591584, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51312, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236677343538, "etime": 1726236677343538, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51400, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236620042829, "etime": 1726236620042829, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51324, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236632210949, "etime": 1726236632210949, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51342, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236632825610, "etime": 1726236632825610, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236705203003, "etime": 1726236705203003, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51429, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236622240532, "etime": 1726236622240532, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51328, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726236740661704, "etime": 1726236740661704, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51452, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236644856836, "etime": 1726236644856836, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51362, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726236728399613, "etime": 1726236728399613, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51444, "dest_port": 443, 
"protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236725375536, "etime": 1726236725375536, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51442, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236733048937, "etime": 1726236733048937, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51447, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236692925312, "etime": 1726236692925312, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51420, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236694501414, "etime": 1726236694501414, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51422, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236658140743, "etime": 1726236658140743, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51374, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726236623832793, "etime": 1726236623832793, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51330, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236625394162, "etime": 1726236625394162, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51332, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236666436839, "etime": 1726236666436839, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51386, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236708322556, "etime": 1726236708322556, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51431, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236618483282, "etime": 1726236618483282, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51322, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, 
{"stime": 1726236614738478, "etime": 1726236614738478, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51316, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236682067846, "etime": 1726236682067846, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51406, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236737604642, "etime": 1726236737604642, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51450, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236641165228, "etime": 1726236641165228, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51356, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236743750662, "etime": 1726236743750662, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51454, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236669557287, "etime": 1726236669557287, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51390, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236655526615, "etime": 1726236655526615, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51370, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726236638081507, "etime": 1726236638081507, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726236630650166, "etime": 1726236630650166, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51340, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236616891094, "etime": 1726236616891094, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51320, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236672661141, "etime": 1726236672661141, 
"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51394, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236615341979, "etime": 1726236615341979, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51318, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236639637888, "etime": 1726236639637888, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51354, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236723707758, "etime": 1726236723707758, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51441, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236627544809, "etime": 1726236627544809, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51336, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236663347686, "etime": 1726236663347686, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51382, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236660285238, "etime": 1726236660285238, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726236668012075, "etime": 1726236668012075, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51388, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236691382588, "etime": 1726236691382588, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51418, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236731457544, "etime": 1726236731457544, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51446, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236703673791, "etime": 1726236703673791, "src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "src_port": 51428, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236734577466, "etime": 1726236734577466, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236745279163, "etime": 1726236745279163, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51455, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236626968659, "etime": 1726236626968659, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51334, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236629091560, "etime": 1726236629091560, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51338, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236675782611, "etime": 1726236675782611, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51398, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236642708897, "etime": 1726236642708897, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51358, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236635892105, "etime": 1726236635892105, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51348, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236685172320, "etime": 1726236685172320, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51410, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236711395930, "etime": 1726236711395930, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51433, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236683629017, "etime": 1726236683629017, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51408, "dest_port": 
443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236700601749, "etime": 1726236700601749, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51426, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236712925167, "etime": 1726236712925167, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51434, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236720617011, "etime": 1726236720617011, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51439, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236637438150, "etime": 1726236637438150, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51350, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236647966329, "etime": 1726236647966329, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51366, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236649526310, "etime": 1726236649526310, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51368, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236688276655, "etime": 1726236688276655, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51414, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236726901955, "etime": 1726236726901955, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51443, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236729928489, "etime": 1726236729928489, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51445, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236661818633, "etime": 1726236661818633, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51380, "dest_port": 443, "protocol": "tls", "result": 
"CobaltStrike"}, {"stime": 1726236674221204, "etime": 1726236674221204, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51396, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236613164574, "etime": 1726236613164574, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236678978476, "etime": 1726236678978476, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51402, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236699088442, "etime": 1726236699088442, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51425, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236634347303, "etime": 1726236634347303, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51346, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236702144774, "etime": 1726236702144774, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51427, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236714468601, "etime": 1726236714468601, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51435, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236680539285, "etime": 1726236680539285, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51404, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236717557852, "etime": 1726236717557852, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51437, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236719086789, "etime": 1726236719086789, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51438, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236736090787, 
"etime": 1726236736090787, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51449, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236742190516, "etime": 1726236742190516, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51453, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236657092308, "etime": 1726236657092308, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51372, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236709867149, "etime": 1726236709867149, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51432, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236644238003, "etime": 1726236644238003, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51360, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236664876579, "etime": 1726236664876579, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51384, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236706748165, "etime": 1726236706748165, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51430, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236621602176, "etime": 1726236621602176, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51326, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236686716759, "etime": 1726236686716759, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51412, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726236746808261, "etime": 1726236746808261, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51456, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1726236739133291, "etime": 1726236739133291, "src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 51451, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:21:50.442] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 88|max_alert: 1000 [2025-12-10 10:21:50.442] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:50.442] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:50.443] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26264 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2c84f307b88ac2d740078507a2a26dfc91a40224d4e0add91eecfa77df0f1f26&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022146Z"} [2025-12-10 10:21:50.443] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:50.443] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:50.443] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:50.443] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:50.443] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:50.443] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:50.517] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, 
"normal_count": 0, "alert_count": 1, "timestamp": 1765362110517, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640366495761, "etime": 1726640366495761, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49276, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:50.517] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25025 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022149Z&X-Amz-Signature=e775ca31930729124bfc2a7e5aa390c8f90f22b3fd287459260714aa7ef8870d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:50.517] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:50.518] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:21:50.591] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362110591, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640366495761, "etime": 1726640366495761, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49276, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:21:50.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:50.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:50.591] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:21:53.386] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26265 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022152Z&X-Amz-Signature=290b3454d71e314f1064911112a14593b5838f2d203aa89106d1ef07ab6f00a7"} [2025-12-10 10:21:53.386] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:53.386] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:53.386] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:53.386] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:53.386] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:53.387] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:54.698] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl|result:{"code": 0, "total_count": 18, "abnormal_count": 0, "normal_count": 18, "alert_count": 0, "timestamp": 1765362114697, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726072937423797, "etime": 1726072937423797, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49507, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072947600517, "etime": 1726072947600517, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49519, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072939469993, "etime": 1726072939469993, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49510, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072944548577, "etime": 1726072944548577, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49515, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072936410585, "etime": 1726072936410585, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49506, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072938439611, "etime": 1726072938439611, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49508, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072947596193, "etime": 1726072947596193, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49518, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072946580188, "etime": 1726072946580188, "src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49517, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072939455088, "etime": 1726072939455088, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49509, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072942516998, "etime": 1726072942516998, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49513, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072874124042, "etime": 1726072874124042, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49502, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072943533279, "etime": 1726072943533279, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49514, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072935386606, "etime": 1726072935386606, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49505, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072934142862, "etime": 1726072934142862, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49504, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072941501717, "etime": 1726072941501717, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49512, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072945564386, "etime": 1726072945564386, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49516, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072874135684, "etime": 1726072874135684, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49503, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726072940487840, "etime": 1726072940487840, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49511, "dest_port": 8889, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:21:54.698] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:56.490] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25026 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl?X-Amz-Date=20251210T022156Z&X-Amz-Signature=57efef6a87510ec8e89ca90dd0f0f7f5fa5349507fd26b4a2c5ed0af96e534e4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:21:56.490] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:56.490] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:56.491] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:56.491] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:56.491] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:56.491] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:57.615] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765362117615, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726133388585657, "etime": 1726133388585657, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49308, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133384512182, "etime": 1726133384512182, "src_ip": 
"192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49303, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133378397318, "etime": 1726133378397318, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49295, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133379432740, "etime": 1726133379432740, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49297, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133380440512, "etime": 1726133380440512, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49298, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133383498305, "etime": 1726133383498305, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49302, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133385542403, "etime": 1726133385542403, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49305, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133387570098, "etime": 1726133387570098, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49307, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133386556167, "etime": 1726133386556167, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49306, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133382485917, "etime": 1726133382485917, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49301, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133318388182, "etime": 1726133318388182, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49294, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133379410768, "etime": 1726133379410768, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49296, 
"dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133318377702, "etime": 1726133318377702, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49293, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133381454798, "etime": 1726133381454798, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49299, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133382468755, "etime": 1726133382468755, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49300, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1726133384524738, "etime": 1726133384524738, "src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "src_port": 49304, "dest_port": 9999, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:21:57.616] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:21:59.650] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24601 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=74d452d38a0866321ef212540f8c507a4b439d1cb4566ad8cc455045aa3942b0&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022159Z"} [2025-12-10 10:21:59.650] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:21:59.650] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:21:59.650] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:21:59.650] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:21:59.651] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:21:59.651] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:21:59.755] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362119754, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641687097210, "etime": 1726641687097210, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49289, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:21:59.755] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:21:59.755] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:59.755] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:22:02.798] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25027 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl?X-Amz-Signature=d62b8c2cdcc279d98393c888d98eeb84e4b790f66e298c4553812bca5e912360&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022202Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:22:02.798] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:02.798] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:02.798] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:02.798] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:02.798] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:02.799] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:02.930] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362122929, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641687097210, "etime": 1726641687097210, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49289, "dest_port": 50050, "protocol": "tls", 
"result": "Behinder"}]} [2025-12-10 10:22:02.930] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:02.930] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:02.930] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:05.950] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24602 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5611ccea23eea29b75230b61bd0a69a10c4f7307c4081ef847ad651354936835&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022205Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:05.951] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:05.951] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:05.951] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:05.951] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:05.951] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:05.952] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:06.083] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362126082, "module": "anquanchu", "proto": "tls", "alerted": true, 
"details": [{"stime": 1726623265043523, "etime": 1726623265043523, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50369, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:06.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:06.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:06.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:09.104] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25028 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl?X-Amz-Date=20251210T022208Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=9fda84a2f07b60fc5be7c1ae1ee9f179866f4178343e226890ef0fe21ffa2e12&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:22:09.104] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:09.104] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:09.104] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:09.104] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:09.104] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:09.105] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:09.232] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362129231, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726623265043523, "etime": 1726623265043523, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50369, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:09.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:09.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:09.232] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:12.209] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26266 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f07fb96a7851531bf193176b319ec80a53e5c8be0ccd9c021b0a1b254280f997&X-Amz-Date=20251210T022211Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:22:12.209] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:12.209] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:12.210] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:12.210] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:12.210] [INFO] [tid:127829042783936] (AiModule.cpp:29) 
prepare args for load [2025-12-10 10:22:12.211] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:13.599] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl|result:{"code": 0, "total_count": 19, "abnormal_count": 0, "normal_count": 19, "alert_count": 0, "timestamp": 1765362133598, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726068518888456, "etime": 1726068518888456, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49258, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068520916898, "etime": 1726068520916898, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49260, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068510697604, "etime": 1726068510697604, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49248, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068509674494, "etime": 1726068509674494, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49247, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068448371465, "etime": 1726068448371465, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49245, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068522947978, "etime": 1726068522947978, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49262, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068516854548, "etime": 1726068516854548, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49256, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068513760265, "etime": 1726068513760265, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49252, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 
1726068515845542, "etime": 1726068515845542, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49255, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068519900705, "etime": 1726068519900705, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49259, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068515793243, "etime": 1726068515793243, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49254, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068521934981, "etime": 1726068521934981, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49261, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068448352279, "etime": 1726068448352279, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49244, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068511737428, "etime": 1726068511737428, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49250, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068508385984, "etime": 1726068508385984, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49246, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068517869372, "etime": 1726068517869372, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49257, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068511713266, "etime": 1726068511713266, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49249, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068512745073, "etime": 1726068512745073, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49251, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726068514775473, "etime": 1726068514775473, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49253, 
"dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:22:13.599] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:22:15.368] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25029 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022214Z&X-Amz-Signature=754b90899379ff1c211b83cb3040c4143bde6fb8bd891e5c2828c03bb65a4bfe&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:22:15.368] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:15.368] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:15.369] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:15.369] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:15.369] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:15.369] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:15.454] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362135454, "module": "anquanchu", "proto": "tls", "alerted": true, "details": 
[{"stime": 1726050776178196, "etime": 1726050776178196, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50482, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:15.454] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:15.454] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:15.454] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:18.519] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26267 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022217Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c4bd5bfdc6082b8ec4ab426b66ed20d0c73a9460f7246dd4bda0c2237cf111dd&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:18.519] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:18.519] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:18.520] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:18.520] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:18.520] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:18.521] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:18.650] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362138649, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726623640157921, "etime": 1726623640157921, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50370, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:18.650] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:18.650] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:18.650] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:21.670] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25030 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=95e675d45e0f475e9722fdeefd471b27aeab2293a68bda0ad112a45b7de01439&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022221Z"} [2025-12-10 10:22:21.671] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:21.671] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:21.671] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:21.671] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:22:21.671] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:21.672] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:21.803] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362141803, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726623640157921, "etime": 1726623640157921, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50370, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:21.803] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:21.803] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:21.803] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:22:24.837] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24603 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022224Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9f9e01c826fcf656868513c20259ea5a774974db7c0ae7003895122fc055dab5"} [2025-12-10 10:22:24.837] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:24.837] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:24.837] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:24.837] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:24.837] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:24.838] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:24.969] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362144968, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052669784546, "etime": 1726052669784546, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50566, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:24.969] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:24.969] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:24.969] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:27.994] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25031 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl?X-Amz-Signature=a721df720c6306481430e6a3a2296ed24ca2f96573e8b848c492787e13724521&X-Amz-Date=20251210T022227Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:27.994] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:27.994] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:27.994] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:27.994] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:27.994] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:27.995] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:28.125] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362148125, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052669784546, "etime": 
1726052669784546, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50566, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:28.125] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:28.125] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:28.125] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:31.097] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26268 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl?X-Amz-Signature=a7ce8d836a90f7ad660abcec1cac51662bf8d8f70b51ffbcc416800b6c86ee90&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022230Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:31.097] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:31.097] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:31.097] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:31.097] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:31.097] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:31.098] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:31.951] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl|result:{"code": 0, "total_count": 11, "abnormal_count": 0, "normal_count": 11, "alert_count": 0, "timestamp": 
1765362151951, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726075319543854, "etime": 1726075319543854, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49776, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075317497476, "etime": 1726075317497476, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49773, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075320560290, "etime": 1726075320560290, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49777, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075321574610, "etime": 1726075321574610, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49778, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075318528911, "etime": 1726075318528911, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49775, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075316492589, "etime": 1726075316492589, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49772, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075256338022, "etime": 1726075256338022, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49769, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075256354921, "etime": 1726075256354921, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49770, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075321578954, "etime": 1726075321578954, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49779, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075316371824, "etime": 1726075316371824, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49771, "dest_port": 8081, "protocol": "tls", "result": "Normal"}, {"stime": 1726075318513343, 
"etime": 1726075318513343, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49774, "dest_port": 8081, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:22:31.951] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:22:34.248] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26269 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022233Z&X-Amz-Signature=bb7c1eea1c00ac63709519f91b7f36fa13196b102eec93c85cdb4792fb1cec2e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:22:34.248] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:34.248] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:34.249] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:34.249] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:34.249] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:34.249] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:34.350] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 
1765362154349, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727228273267937, "etime": 1727228273267937, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49161, "dest_port": 51129, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:34.350] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:34.350] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:34.350] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:37.395] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24604 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022236Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=35150cb020353dde9225246ee09f5f2c9f644a161aa8bf63b1dd435aaf385588"} [2025-12-10 10:22:37.395] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:37.395] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:37.395] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:37.396] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:37.396] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:37.396] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:37.525] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362157525, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641532684314, "etime": 1726641532684314, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49288, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:22:37.526] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:37.526] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:37.526] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:40.547] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25032 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022240Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6f4fdf95f96e29b70ab988114035361a2d5c72884ca16a7b3b7d477926bcfcc1&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:22:40.547] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:40.547] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:40.548] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:40.548] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:22:40.548] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:40.549] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:40.676] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362160675, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641532684314, "etime": 1726641532684314, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49288, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:22:40.676] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:40.676] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:40.676] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:22:43.710] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25033 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022243Z&X-Amz-Signature=dcdd19f000933043f64f4d940b60dc3ba06d53fa512fbf1659dbfc757c52590d&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:22:43.710] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:43.710] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:43.710] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:43.710] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:43.710] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:43.711] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:43.838] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362163838, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052444677988, "etime": 1726052444677988, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50557, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:43.838] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:43.838] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:43.838] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:46.864] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24605 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b01109fda2de342e8058913c4b4a0b6e47b8cab227c01a3bd98b503c5f904c05&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022246Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:22:46.864] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:46.865] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:46.865] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:46.865] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:46.865] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:46.866] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:46.996] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362166995, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052444677988, "etime": 
1726052444677988, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50557, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:22:46.996] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:46.996] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:46.996] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:50.014] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26270 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022249Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a09734529fee88807c0ff7cba5dfa96fb7d7a652b9ad120ba1950a632b850264&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:22:50.014] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:50.014] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:50.014] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:50.014] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:50.014] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:50.015] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:50.143] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362170142, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726640312565120, "etime": 1726640312565120, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49275, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:22:50.143] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:22:53.158] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24606 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl?X-Amz-Signature=6e4fd89a37f80a7422f32fa220cd891f4143e92f4a81ff759e1651e255d52d5d&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022252Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:22:53.158] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:53.158] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:53.158] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:53.159] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:53.159] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:53.159] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:53.289] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362173288, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726640312565120, "etime": 1726640312565120, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49275, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:22:53.289] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:22:56.310] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26271 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022255Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c40b6cd5c0f039f7c2f2f6bba7f629b7806924b2930db796e63f7b81896b1d14"} [2025-12-10 10:22:56.310] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:56.310] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:56.310] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:56.310] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:56.310] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:56.311] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:56.404] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362176403, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641385705722, "etime": 1726641385705722, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49287, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:22:56.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:56.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:56.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:22:59.462] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24607 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022258Z&X-Amz-Signature=0563d82cd656ee314e0b5e034ea6f7d68a06d3cc3be9c399cc8a29f3d306180d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:59.462] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:22:59.462] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:22:59.462] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:22:59.462] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:22:59.462] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:22:59.463] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:22:59.546] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362179546, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641385705722, "etime": 1726641385705722, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49287, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:22:59.546] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:22:59.546] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:59.546] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:23:02.622] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24608 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl?X-Amz-Signature=27969148c9a818d659452515dbe1e393b5aa9940f0731294958a4a3a84f8819b&X-Amz-Date=20251210T022302Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:23:02.622] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:02.622] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:02.622] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:02.622] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:02.622] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:02.623] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:08.285] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl|result:{"code": 1, "total_count": 80, "abnormal_count": 78, "normal_count": 2, "alert_count": 78, "timestamp": 1765362188283, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726232378280645, "etime": 1726232378280645, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232231953547, "etime": 1726232231953547, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49952, "dest_port": 
443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232334975677, "etime": 1726232334975677, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232338583989, "etime": 1726232338583989, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49988, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232384324643, "etime": 1726232384324643, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50017, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232387327193, "etime": 1726232387327193, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50019, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232388837823, "etime": 1726232388837823, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232393354325, "etime": 1726232393354325, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50023, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232396383887, "etime": 1726232396383887, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50025, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232295559681, "etime": 1726232295559681, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49957, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232391841236, "etime": 1726232391841236, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50022, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232310657463, "etime": 1726232310657463, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49967, "dest_port": 443, "protocol": "tls", "result": 
"CobaltStrike"}, {"stime": 1726232394847095, "etime": 1726232394847095, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50024, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232405493002, "etime": 1726232405493002, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50031, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232338022623, "etime": 1726232338022623, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232353324208, "etime": 1726232353324208, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232370750652, "etime": 1726232370750652, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232343075658, "etime": 1726232343075658, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232381302165, "etime": 1726232381302165, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232312170621, "etime": 1726232312170621, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49968, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232321218292, "etime": 1726232321218292, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49974, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232292543495, "etime": 1726232292543495, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232397918988, 
"etime": 1726232397918988, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232348820774, "etime": 1726232348820774, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49996, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726232301602891, "etime": 1726232301602891, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49961, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232403982616, "etime": 1726232403982616, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50030, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232372248959, "etime": 1726232372248959, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232402466527, "etime": 1726232402466527, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50029, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232297070445, "etime": 1726232297070445, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49958, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232331387839, "etime": 1726232331387839, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232322728119, "etime": 1726232322728119, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232300083731, "etime": 1726232300083731, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49960, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232298577541, "etime": 1726232298577541, "src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49959, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232361674063, "etime": 1726232361674063, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50002, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232303103928, "etime": 1726232303103928, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49962, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232326285987, "etime": 1726232326285987, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232364702139, "etime": 1726232364702139, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232313664883, "etime": 1726232313664883, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49969, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232367705431, "etime": 1726232367705431, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232407517544, "etime": 1726232407517544, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50033, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232333468955, "etime": 1726232333468955, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49984, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232366219693, "etime": 1726232366219693, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232294066367, "etime": 1726232294066367, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", 
"src_port": 49956, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232358675271, "etime": 1726232358675271, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50000, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726232325731424, "etime": 1726232325731424, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232373764022, "etime": 1726232373764022, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50010, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232379807827, "etime": 1726232379807827, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232390331900, "etime": 1726232390331900, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50021, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232400951942, "etime": 1726232400951942, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50028, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232346721718, "etime": 1726232346721718, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232350335629, "etime": 1726232350335629, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232385832705, "etime": 1726232385832705, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232382812573, "etime": 1726232382812573, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50016, "dest_port": 443, "protocol": 
"tls", "result": "CobaltStrike"}, {"stime": 1726232376769819, "etime": 1726232376769819, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232327802060, "etime": 1726232327802060, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49979, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232345211391, "etime": 1726232345211391, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232306118672, "etime": 1726232306118672, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49964, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232341580087, "etime": 1726232341580087, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232329872764, "etime": 1726232329872764, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49981, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726232319707778, "etime": 1726232319707778, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232332923799, "etime": 1726232332923799, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232363180711, "etime": 1726232363180711, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232343700198, "etime": 1726232343700198, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49992, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726232307617578, 
"etime": 1726232307617578, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49965, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232324238031, "etime": 1726232324238031, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49976, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232329330723, "etime": 1726232329330723, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232407005714, "etime": 1726232407005714, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50032, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232369221758, "etime": 1726232369221758, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232399436412, "etime": 1726232399436412, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232348247855, "etime": 1726232348247855, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232340081467, "etime": 1726232340081467, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232351829983, "etime": 1726232351829983, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49998, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232360157322, "etime": 1726232360157322, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50001, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232318197891, "etime": 1726232318197891, "src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49972, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232336490743, "etime": 1726232336490743, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232316686813, "etime": 1726232316686813, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49971, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232309129559, "etime": 1726232309129559, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49966, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232304619675, "etime": 1726232304619675, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49963, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232315176042, "etime": 1726232315176042, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726232375273522, "etime": 1726232375273522, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 78|max_alert: 1000 [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:23:08.285] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24609 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=79103368c9047ac84a27e24e234fce4a774e7a6be35baf9d08f72de7f089105f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022305Z&X-Amz-Expires=604800"} [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:08.285] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:08.286] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:11.816] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl|result:{"code": 1, "total_count": 51, "abnormal_count": 4, "normal_count": 47, "alert_count": 4, "timestamp": 1765362191814, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727159735353447, "etime": 1727159735353447, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50493, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159727397092, "etime": 1727159727397092, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50486, "dest_port": 9443, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727159722687145, "etime": 1727159722687145, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50481, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159624196346, "etime": 1727159624196346, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50445, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159723824752, "etime": 1727159723824752, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50482, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159699785755, "etime": 1727159699785755, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50460, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159693045182, "etime": 1727159693045182, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50454, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159694168659, "etime": 1727159694168659, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50455, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159687117391, "etime": 1727159687117391, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50449, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159704324389, "etime": 1727159704324389, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50464, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159736606126, "etime": 1727159736606126, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50496, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159698652174, "etime": 1727159698652174, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50459, "dest_port": 9443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727159703185523, "etime": 1727159703185523, "src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.41", "src_port": 50463, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159708879774, "etime": 1727159708879774, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50468, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159700923084, "etime": 1727159700923084, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50461, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159697585727, "etime": 1727159697585727, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50458, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159689644836, "etime": 1727159689644836, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50451, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159724002024, "etime": 1727159724002024, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50483, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159714527655, "etime": 1727159714527655, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50473, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159729675095, "etime": 1727159729675095, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50488, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159730813196, "etime": 1727159730813196, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50489, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159721547155, "etime": 1727159721547155, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50480, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159696446756, "etime": 1727159696446756, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50457, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727159684404287, "etime": 1727159684404287, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50446, "dest_port": 9443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727159705462830, "etime": 1727159705462830, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50465, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159695308151, "etime": 1727159695308151, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50456, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159702046585, "etime": 1727159702046585, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50462, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159685978431, "etime": 1727159685978431, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50448, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159706602484, "etime": 1727159706602484, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50466, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159713388064, "etime": 1727159713388064, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50472, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159714668711, "etime": 1727159714668711, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50474, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159725135017, "etime": 1727159725135017, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50484, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159731936760, "etime": 1727159731936760, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50490, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159734214305, "etime": 1727159734214305, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 
50492, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159715806939, "etime": 1727159715806939, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50475, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159684785795, "etime": 1727159684785795, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50447, "dest_port": 9443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727159716945137, "etime": 1727159716945137, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50476, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159726274300, "etime": 1727159726274300, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50485, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159728536281, "etime": 1727159728536281, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50487, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159711127348, "etime": 1727159711127348, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50470, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159718067988, "etime": 1727159718067988, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50477, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159712264573, "etime": 1727159712264573, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50471, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159691906984, "etime": 1727159691906984, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50453, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159733075751, "etime": 1727159733075751, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50491, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159719222201, "etime": 
1727159719222201, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50478, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159688509735, "etime": 1727159688509735, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50450, "dest_port": 9443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727159720377717, "etime": 1727159720377717, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50479, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159736477442, "etime": 1727159736477442, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50495, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159690767728, "etime": 1727159690767728, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50452, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159707740555, "etime": 1727159707740555, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50467, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159710002755, "etime": 1727159710002755, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50469, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:23:11.816] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25034 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022308Z&X-Amz-Signature=98f2acede489de1e7a8d8e1a56f76148d17f9386c7881d72623769a185ecbc20&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:11.816] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:11.891] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362191890, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052591616089, "etime": 1726052591616089, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50563, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:11.891] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:11.891] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:11.891] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:12.087] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24610 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl?X-Amz-Signature=a6adadad6810a85ece6b4308bb0b1802642378cb9b7c93bf70806a3ca2710076&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022311Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:23:12.087] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:12.087] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:12.087] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:12.087] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:12.087] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:12.087] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:12.165] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362192165, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052591616089, "etime": 
1726052591616089, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50563, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:12.165] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:12.165] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:12.165] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:15.238] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24611 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022314Z&X-Amz-Signature=fa71152084c4dc14a4c82faf1573d7267ef222d1f5d41d24b18255fdf2d29795&X-Amz-Expires=604800"} [2025-12-10 10:23:15.238] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:15.238] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:15.238] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:15.238] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:15.238] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:15.238] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:15.306] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl|result:{"code": 1, "total_count": 1, 
"abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362195306, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726049250307292, "etime": 1726049250307292, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50415, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:15.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:15.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:15.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:18.412] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26272 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=518656264e94e2638b02a73d5ed2d31d30d247d3a3023a330f9c9f86dcdbb8ca&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022317Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:23:18.412] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:18.412] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:18.412] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:18.412] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:18.412] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:18.412] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:18.480] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362198480, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726049250307292, "etime": 1726049250307292, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50415, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:18.480] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:18.480] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:18.480] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:23:21.515] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24612 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022321Z&X-Amz-Signature=afa7d128a367267c79fef294f4823334df46f5768c2c4b402f2baac02d759606"} [2025-12-10 10:23:21.515] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:21.515] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:21.516] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:21.516] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:21.516] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:21.516] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:23.347] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl|result:{"code": 0, "total_count": 26, "abnormal_count": 0, "normal_count": 26, "alert_count": 0, "timestamp": 1765362203346, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726075800778310, "etime": 1726075800778310, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49630, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075734209741, "etime": 1726075734209741, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49622, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075812946354, 
"etime": 1726075812946354, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49642, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075809903817, "etime": 1726075809903817, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49639, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075802807182, "etime": 1726075802807182, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49632, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075814974411, "etime": 1726075814974411, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49644, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075795698201, "etime": 1726075795698201, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49625, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075799764306, "etime": 1726075799764306, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49629, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075734228055, "etime": 1726075734228055, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49623, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075801791442, "etime": 1726075801791442, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49631, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075813959970, "etime": 1726075813959970, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49643, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075805851872, "etime": 1726075805851872, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49635, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075806861570, "etime": 1726075806861570, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49636, "dest_port": 8888, 
"protocol": "tls", "result": "Normal"}, {"stime": 1726075807875356, "etime": 1726075807875356, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49637, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075724031486, "etime": 1726075724031486, "src_ip": "192.168.32.44", "dest_ip": "138.113.153.218", "src_port": 49620, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726075796721129, "etime": 1726075796721129, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49626, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075797740200, "etime": 1726075797740200, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49627, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075803820806, "etime": 1726075803820806, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49633, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075794241831, "etime": 1726075794241831, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49624, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075798749755, "etime": 1726075798749755, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49628, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075808890112, "etime": 1726075808890112, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49638, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075811932285, "etime": 1726075811932285, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49641, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075724031562, "etime": 1726075724031562, "src_ip": "192.168.32.44", "dest_ip": "138.113.153.218", "src_port": 49621, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726075804833547, "etime": 1726075804833547, "src_ip": 
"192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49634, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075814981116, "etime": 1726075814981116, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49645, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1726075810917622, "etime": 1726075810917622, "src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "src_port": 49640, "dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:23:23.347] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:23:24.671] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25035 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2b8cd0313a7aca3b62815b0297c222f4ef3be4c1d8872e02b2a2975132dc3e34&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022324Z"} [2025-12-10 10:23:24.671] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:24.671] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:24.672] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:24.672] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:24.672] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:24.672] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:24.761] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362204761, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726049197437796, "etime": 1726049197437796, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50412, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:24.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:24.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:24.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:27.812] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25036 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022327Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=31d64a153512d0d9c1844efd3e1169a4f2e7c21439e6517bf72e22771e3c39bd&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:23:27.812] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:27.812] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:27.812] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:27.812] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:23:27.812] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:27.813] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:27.935] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362207935, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726049197437796, "etime": 1726049197437796, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50412, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:27.935] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:27.935] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:27.935] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:23:30.955] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25037 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022330Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f9f7090c04b2b95cf13db67828c8a3518ffac58e75cb04e093619d606837a5c2"} [2025-12-10 10:23:30.955] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:30.955] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:30.955] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:30.955] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:30.955] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:30.956] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:31.083] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362211083, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640247129271, "etime": 1726640247129271, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49274, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:23:31.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:31.083] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:31.083] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:34.095] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25038 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl?X-Amz-Date=20251210T022333Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ce3d4bd96656f6deae14c192fc3b88ca2ae76acbc5f9eeabb9ded1e66829f6dd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:23:34.095] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:34.096] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:34.096] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:34.096] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:34.096] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:34.097] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:34.225] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362214225, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 
1726640247129271, "etime": 1726640247129271, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49274, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:23:34.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:34.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:34.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:37.254] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24613 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=5325ba436069dad6e6c3e7e1fc1b29f34361f189083d87f0edcd5b0c98da667b&X-Amz-Date=20251210T022336Z"} [2025-12-10 10:23:37.254] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:37.254] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:37.254] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:37.255] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:37.255] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:37.255] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:42.579] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl|result:{"code": 1, "total_count": 76, 
"abnormal_count": 74, "normal_count": 2, "alert_count": 74, "timestamp": 1765362222576, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726229812412961, "etime": 1726229812412961, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49231, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229850298197, "etime": 1726229850298197, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49256, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229756180807, "etime": 1726229756180807, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49172, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229778558470, "etime": 1726229778558470, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49202, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229765596191, "etime": 1726229765596191, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49184, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229807294860, "etime": 1726229807294860, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49227, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229781771908, "etime": 1726229781771908, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49205, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229830586240, "etime": 1726229830586240, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49243, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229774954368, "etime": 1726229774954368, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49196, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229802165004, "etime": 1726229802165004, "src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "src_port": 49223, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229815434922, "etime": 1726229815434922, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49233, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229832111705, "etime": 1726229832111705, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49244, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229760988894, "etime": 1726229760988894, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49178, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229762529291, "etime": 1726229762529291, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49180, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229851808456, "etime": 1726229851808456, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49257, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229864186446, "etime": 1726229864186446, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49262, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229810908415, "etime": 1726229810908415, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49230, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726229859670567, "etime": 1726229859670567, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49259, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229776470042, "etime": 1726229776470042, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49198, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229768662090, "etime": 1726229768662090, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49188, 
"dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229790198841, "etime": 1726229790198841, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49214, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229867745189, "etime": 1726229867745189, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49265, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229865725341, "etime": 1726229865725341, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49263, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229844219868, "etime": 1726229844219868, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49252, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229803699033, "etime": 1726229803699033, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49224, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229759462260, "etime": 1726229759462260, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49176, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229838115054, "etime": 1726229838115054, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49248, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229847212928, "etime": 1726229847212928, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49254, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229842721914, "etime": 1726229842721914, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229861181236, "etime": 1726229861181236, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49260, "dest_port": 443, "protocol": "tls", "result": 
"CobaltStrike"}, {"stime": 1726229826024979, "etime": 1726229826024979, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49240, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229829075641, "etime": 1726229829075641, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49242, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229788658019, "etime": 1726229788658019, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49212, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229818457991, "etime": 1726229818457991, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49235, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229867246003, "etime": 1726229867246003, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49264, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229821463606, "etime": 1726229821463606, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49237, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229805795174, "etime": 1726229805795174, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49226, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229773407395, "etime": 1726229773407395, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49194, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229784904141, "etime": 1726229784904141, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49208, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229793219679, "etime": 1726229793219679, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49216, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229845732448, 
"etime": 1726229845732448, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49253, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229780151385, "etime": 1726229780151385, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49204, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229771749903, "etime": 1726229771749903, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49192, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229793758625, "etime": 1726229793758625, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49217, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229764085780, "etime": 1726229764085780, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49182, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229757936766, "etime": 1726229757936766, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49174, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229835110570, "etime": 1726229835110570, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49246, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229858153201, "etime": 1726229858153201, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49258, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726229827550132, "etime": 1726229827550132, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49241, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229796768536, "etime": 1726229796768536, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49219, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229822989927, "etime": 1726229822989927, "src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49238, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229848771837, "etime": 1726229848771837, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49255, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229791709190, "etime": 1726229791709190, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49215, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229808808629, "etime": 1726229808808629, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49228, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229787132688, "etime": 1726229787132688, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726229777982923, "etime": 1726229777982923, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49200, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229770214858, "etime": 1726229770214858, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49190, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229804287596, "etime": 1726229804287596, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726229813924147, "etime": 1726229813924147, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229767122027, "etime": 1726229767122027, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49186, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229816946573, "etime": 1726229816946573, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 
49234, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229862690268, "etime": 1726229862690268, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49261, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229786431321, "etime": 1726229786431321, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49209, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229800659689, "etime": 1726229800659689, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49222, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229795258714, "etime": 1726229795258714, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49218, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229783314641, "etime": 1726229783314641, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49206, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229819968183, "etime": 1726229819968183, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49236, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229810322425, "etime": 1726229810322425, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49229, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229824498655, "etime": 1726229824498655, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49239, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229836613080, "etime": 1726229836613080, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49247, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229798293656, "etime": 1726229798293656, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49220, "dest_port": 443, "protocol": "tls", 
"result": "CobaltStrike"}, {"stime": 1726229799132107, "etime": 1726229799132107, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49221, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229839615594, "etime": 1726229839615594, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49249, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229841193103, "etime": 1726229841193103, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49250, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229833620391, "etime": 1726229833620391, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49245, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726229695400321, "etime": 1726229695400321, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "src_port": 49170, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 74|max_alert: 1000 [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:23:42.579] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24614 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022339Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c4c3144e85588cdf694994941ac4b30b5a6810845898d142561213d73d0a2afa"} [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:42.579] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:42.656] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362222655, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726641246242361, "etime": 1726641246242361, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49286, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:23:42.656] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 
10:23:42.656] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:42.656] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:43.546] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24615 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl?X-Amz-Signature=6d2f18924aca212eced2d5f3840a22b27d485522aafc454f78e431e851cdaa4a&X-Amz-Date=20251210T022343Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:23:43.546] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:43.546] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:43.546] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:43.546] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:43.546] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:43.547] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:43.633] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362223633, "module": "anquanchu", "proto": "tls", "alerted": true, 
"details": [{"stime": 1726641246242361, "etime": 1726641246242361, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49286, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:23:43.633] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:43.633] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:43.633] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:46.694] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24616 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022346Z&X-Amz-Signature=cafe921a1e80738ccd5c45369008d99088faa68898820f8048b907e11266243a&X-Amz-Expires=604800"} [2025-12-10 10:23:46.694] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:46.694] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:46.694] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:46.694] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:46.694] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:46.695] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:46.823] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl|result:{"code": 1, "total_count": 1, 
"abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362226823, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046709018272, "etime": 1726046709018272, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50353, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:46.823] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:46.823] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:46.823] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:49.849] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25039 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=6f2f4654b414f106de85d1a37b06b29bdbc50ce578c2ff832997ab122f6985ad&X-Amz-Date=20251210T022349Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:23:49.849] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:49.850] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:49.850] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:49.850] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:49.850] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:49.851] [INFO] [tid:127829042783936] (AiModule.cpp:39) 
load result:0 [2025-12-10 10:23:49.979] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362229979, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046709018272, "etime": 1726046709018272, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50353, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:49.979] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:49.979] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:49.979] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:52.993] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24617 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=36f9a8745bbedef408934f9c776dbe38be6041ce1d04de4822bd9a082419fa47&X-Amz-Date=20251210T022352Z"} [2025-12-10 10:23:52.993] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:52.994] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:52.994] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:52.994] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:52.994] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:52.995] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:53.123] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362233123, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640164900813, "etime": 1726640164900813, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49273, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:23:53.123] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:53.123] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:53.123] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:23:56.136] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25040 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=530be5828ddd2ce0cfba7013b7d230da4975c3838be0af31882971d9e3845f77&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022355Z"} [2025-12-10 10:23:56.136] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:56.136] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:56.136] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:56.137] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:56.137] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:56.137] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:56.267] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362236267, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640164900813, "etime": 1726640164900813, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49273, "dest_port": 50050, "protocol": "tls", "result": 
"Behinder"}]} [2025-12-10 10:23:56.267] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:56.267] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:56.267] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:23:59.276] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25041 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl?X-Amz-Signature=bfad0447e37e009e4ec31c199a31fb30a469647270110eb611ff3312bf1856cd&X-Amz-Expires=604800&X-Amz-Date=20251210T022358Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:23:59.276] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:23:59.276] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:23:59.276] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:23:59.276] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:23:59.276] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:23:59.277] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:23:59.411] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362239410, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052381892033, 
"etime": 1726052381892033, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50554, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:23:59.411] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:23:59.411] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:59.411] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:02.408] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26273 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=83020d4a3b902b75196f0e185032e5a903f524c47575298eb8ab23e293109d8e&X-Amz-Date=20251210T022401Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:24:02.408] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:02.408] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:02.408] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:02.408] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:02.408] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:02.409] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:02.538] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362242538, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052381892033, "etime": 1726052381892033, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50554, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:02.538] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:02.538] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:02.538] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:05.599] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26274 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022405Z&X-Amz-Signature=ac8bb3feae3ba5152f3b8fe0975a265bceb5bd4738048b30c9f92e692e314452&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:24:05.599] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:05.599] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:05.599] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:05.599] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:05.599] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare 
args for load [2025-12-10 10:24:05.600] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:06.513] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl|result:{"code": 1, "total_count": 12, "abnormal_count": 11, "normal_count": 1, "alert_count": 11, "timestamp": 1765362246512, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817761587139, "etime": 1726817761587139, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51910, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817777020698, "etime": 1726817777020698, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51911, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726817701131928, "etime": 1726817701131928, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51908, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817457283627, "etime": 1726817457283627, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51898, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817609754651, "etime": 1726817609754651, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51904, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817549330216, "etime": 1726817549330216, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51902, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817837490769, "etime": 1726817837490769, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51913, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817852939448, "etime": 1726817852939448, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51914, "dest_port": 443, 
"protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817625182947, "etime": 1726817625182947, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51905, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817685669791, "etime": 1726817685669791, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51907, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726817532765719, "etime": 1726817532765719, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51900, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1726817548826889, "etime": 1726817548826889, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51901, "dest_port": 22, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:24:06.513] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 11|max_alert: 1000 [2025-12-10 10:24:06.513] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:06.513] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:24:08.737] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25042 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=7f5a07595f298b2a2685a936dd930021b80334c87601f9362a2742b9b0eefe2b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022408Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:24:08.737] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:08.737] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:08.737] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:08.737] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:08.737] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:08.738] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:08.839] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362248839, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726640074833465, "etime": 1726640074833465, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49272, "dest_port": 50050, "protocol": "tls", "result": 
"Behinder"}]} [2025-12-10 10:24:08.839] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:08.839] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:08.839] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:11.883] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25043 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=18df1b3b7c85903729a58911ddaed229e1fd8420efbf89cf3da2bbacb35e31fb&X-Amz-Date=20251210T022411Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:24:11.883] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:11.883] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:11.883] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:11.883] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:11.883] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:11.884] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:12.015] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362252014, "module": "anquanchu", "proto": "tls", "alerted": true, 
"details": [{"stime": 1726052090721159, "etime": 1726052090721159, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50540, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:12.015] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:12.015] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:12.015] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:15.026] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26275 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl?X-Amz-Signature=04297fda4d8321a513a91c2c2952887a64fd1c435f3897e2b37b0e720322ab80&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022414Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:24:15.026] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:15.026] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:15.026] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:15.026] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:15.026] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:15.027] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:15.157] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362255156, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052090721159, "etime": 1726052090721159, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50540, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:15.157] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:15.157] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:15.157] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:18.172] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24618 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d8e96bfce65bce992c0e85e9cb48a38fb699aefea4bb6085b1f776af41f09119&X-Amz-Date=20251210T022417Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:24:18.172] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:18.173] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:18.173] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:18.173] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:24:18.173] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:18.174] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:18.307] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362258306, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726641177983880, "etime": 1726641177983880, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49285, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:24:18.307] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:24:21.313] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24619 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2a1dbc84dd4ebb5f20f5554338578b20a887f660d482ead848bb6c1327ff8033&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022420Z"} [2025-12-10 10:24:21.313] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:21.313] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:21.313] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:21.313] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:21.313] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:21.314] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:21.430] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362261429, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726641177983880, "etime": 1726641177983880, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49285, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:24:21.430] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:24:24.455] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24620 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022423Z&X-Amz-Signature=86d21e6c65c5e6985748e65f2260fcaf7183de80fe13718dc04814e827de4977&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:24:24.456] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:24.456] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:24.456] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 10:24:24.456] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:24.456] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:24.457] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:24.586] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362264586, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052039298962, "etime": 1726052039298962, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50537, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:24.587] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:24.587] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:24.587] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:24:27.598] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26276 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl?X-Amz-Date=20251210T022427Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=bdb3917d18241cacfe651db0e8bec7bd80a996910f617c1c0f4a12a8dd5057f7"} [2025-12-10 10:24:27.599] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:27.599] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:27.599] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:27.599] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:27.599] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:27.600] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:27.729] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362267728, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726052039298962, "etime": 1726052039298962, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50537, "dest_port": 50050, "protocol": "tls", 
"result": "CobaltStrike"}]} [2025-12-10 10:24:27.729] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:27.729] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:27.729] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:30.743] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25044 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022430Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=605b733a2abd0743b5143e4d6521d7e953c3468fddfab21ec91c61b23f32581c"} [2025-12-10 10:24:30.743] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:30.743] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:30.744] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:30.744] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:30.744] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:30.745] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:30.872] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362270872, "module": "anquanchu", "proto": "tls", "alerted": true, 
"details": [{"stime": 1726051773927465, "etime": 1726051773927465, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50524, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:30.872] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:30.872] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:30.872] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:33.890] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26277 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl?X-Amz-Date=20251210T022433Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=4c96f7854a372a07e44f2ebb81a74ecb195115e4a26857546355a636f8ee7ebc&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:24:33.890] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:33.890] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:33.891] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:33.891] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:33.891] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:33.892] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:34.024] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362274023, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051773927465, "etime": 1726051773927465, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50524, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:34.024] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:34.024] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:34.024] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:37.027] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26278 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022436Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=c5576b9600be9b22e38df0a4b0f83292eb50edac81eca1422e939c36ceff9ab1"} [2025-12-10 10:24:37.027] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:37.027] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:37.028] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:37.028] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:24:37.028] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:37.029] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:37.158] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362277158, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051978252084, "etime": 1726051978252084, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50534, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:37.158] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:37.158] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:37.158] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:24:40.165] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24621 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=dd2c21d27e5ed30b8904858f429f75642c02e0a5e17871807f669fb403849870&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022439Z"} [2025-12-10 10:24:40.165] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:40.165] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:40.165] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:40.165] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:40.165] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:40.166] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:40.299] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362280299, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051978252084, "etime": 1726051978252084, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50534, "dest_port": 50050, "protocol": "tls", 
"result": "CobaltStrike"}]} [2025-12-10 10:24:40.299] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:40.299] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:40.299] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:43.291] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26279 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4f206e88cd210ce824f77f71091dd786cbd793b324d0465a17e6737e40d02c5d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022442Z"} [2025-12-10 10:24:43.291] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:43.291] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:43.291] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:43.291] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:43.291] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:43.292] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:43.493] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl|result:{"code": 1, "total_count": 2, "abnormal_count": 1, "normal_count": 1, "alert_count": 1, "timestamp": 1765362283493, "module": "anquanchu", "proto": "tls", "alerted": true, 
"details": [{"stime": 1726040470461471, "etime": 1726040470461471, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49217, "dest_port": 50050, "protocol": "tls", "result": "Normal"}, {"stime": 1726040473120564, "etime": 1726040473120564, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49218, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:43.493] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:43.493] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:43.493] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:46.429] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24622 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022445Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=63fd06bea403fa607fb0b42952bfc2a1c297380de022d8e3d3de82893b9ea455"} [2025-12-10 10:24:46.429] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:46.429] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:46.429] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:46.429] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:46.429] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:46.430] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
10:24:46.537] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362286536, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726623784238637, "etime": 1726623784238637, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50371, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:24:46.537] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:46.537] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:46.537] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:49.571] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26280 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022449Z&X-Amz-Signature=772cb83ab478bbc752df627df19af767df0b359841c8926835f2b81b4331d53d&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:24:49.571] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:49.571] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:49.571] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 10:24:49.571] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:49.571] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:49.572] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:49.703] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362289703, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726623784238637, "etime": 1726623784238637, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50371, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:24:49.703] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:49.703] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:49.703] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:24:52.708] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26281 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022452Z&X-Amz-Signature=e10dd512dabdaf5c3e929a25cc2577ad002a1db00face57434f9ee59dbdd3f84"} [2025-12-10 10:24:52.708] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:52.708] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:52.708] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:52.708] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:52.708] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:52.709] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:52.840] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362292839, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726040473120564, "etime": 1726040473120564, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49218, "dest_port": 50050, "protocol": "tls", "result": 
"CobaltStrike"}]} [2025-12-10 10:24:52.840] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:52.840] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:52.840] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:55.848] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25045 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022455Z&X-Amz-Signature=af665d6da54c3fdd40afeb55611e469925df953c0a2adc10e100667ed63217a6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:24:55.848] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:55.848] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:55.848] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:55.848] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:55.848] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:55.849] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:55.976] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362295975, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046306166828, "etime": 1726046306166828, 
"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50347, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:55.976] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:55.976] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:55.976] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:24:58.975] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24623 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl?X-Amz-Signature=4ea696dd468dba35adecfa58719d264ff5d353dc1baff5979d7ba83c60ec8ff6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022458Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:24:58.975] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:24:58.975] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:24:58.975] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:24:58.975] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:24:58.975] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:24:58.976] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:24:59.106] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362299105, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046306166828, "etime": 1726046306166828, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50347, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:24:59.106] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:24:59.106] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:59.106] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:02.116] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26282 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=12beff75cdc74f2d3b456c20bb400729df9f73f8a9dbfdd6bb541911dc32bf76&X-Amz-Date=20251210T022501Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:25:02.116] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:02.116] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:02.117] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:02.117] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:02.117] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load 
[2025-12-10 10:25:02.117] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:02.247] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362302247, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046026931894, "etime": 1726046026931894, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50340, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:02.247] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:02.247] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:02.247] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:05.256] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24624 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022504Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2acdcf6250ab05999b6bc47174ea29ede87a3b5857b60da72bd0000a2af9bdb4"} [2025-12-10 10:25:05.256] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:05.256] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:05.256] [INFO] [tid:127829042783936] (AiModule.cpp:12) 
load so module so_code_cnn [2025-12-10 10:25:05.256] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:05.256] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:05.257] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:05.385] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362305384, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726046026931894, "etime": 1726046026931894, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "src_port": 50340, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:05.385] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:05.385] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:05.385] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:25:08.388] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25046 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=b250a0bd3587a59a704ca3d32ba934e81c470faa23ff50410237d1adcdfbbfed&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022507Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:25:08.389] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:08.389] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:08.389] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:08.389] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:08.389] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:08.390] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:08.519] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362308519, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726025194226887, "etime": 1726025194226887, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50225, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:08.519] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:08.520] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:08.520] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:11.522] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25047 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022511Z&X-Amz-Signature=47e352b804b5f6e50b5c58a13b562322f3e1ea0ad62ea1ce5bded853bd900ce6"} [2025-12-10 10:25:11.522] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:11.522] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:11.522] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:11.522] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:11.522] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:11.523] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:11.653] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362311652, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726022173062565, "etime": 1726022173062565, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 49948, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:11.653] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:11.653] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:11.653] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:14.660] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26283 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl?X-Amz-Date=20251210T022514Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a384c4c27bbd170aff3c6d865ff1b9c52fc7d0a722945ef75fa3fd9d275c9c3e"} [2025-12-10 10:25:14.660] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:14.660] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:14.661] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:14.661] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:14.661] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:14.661] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:14.792] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362314792, "module": "anquanchu", "proto": "tls", "alerted": true, 
"details": [{"stime": 1726022173062565, "etime": 1726022173062565, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 49948, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:14.792] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:14.792] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:14.792] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:17.793] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26284 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022517Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c8d732c588759d4600e5918efcb74147450158d8acb624f2dee420552755fdf3"} [2025-12-10 10:25:17.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:17.793] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:17.793] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:17.793] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:17.793] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:17.794] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:17.924] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362317923, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726025194226887, "etime": 1726025194226887, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50225, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:17.924] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:17.924] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:17.924] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:20.926] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26285 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022520Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=db3b6e40dbc84ef3a01358308d5a98057267ca3b42f2776b446533b73098f376"} [2025-12-10 10:25:20.926] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:20.926] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:20.926] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:20.927] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:20.927] [INFO] [tid:127829042783936] (AiModule.cpp:29) 
prepare args for load [2025-12-10 10:25:20.927] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:21.055] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362321054, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726017084574618, "etime": 1726017084574618, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 49721, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:21.055] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:21.055] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:21.055] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:24.050] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25048 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022523Z&X-Amz-SignedHeaders=host&X-Amz-Signature=fada07c49a7ed020305e82cb643a61585214a9312f5a1e7766b85fab6aacd636"} [2025-12-10 10:25:24.050] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:24.050] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:24.050] [INFO] 
[tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:24.050] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:24.050] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:24.051] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:24.179] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362324179, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726017084574618, "etime": 1726017084574618, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 49721, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:24.180] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:24.180] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:24.180] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:25:27.185] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25049 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=4d2b736ea4e4ce61ce4bb1d3c79b7c869dc349377991aabb7e36ee543d9fcbc5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022526Z&X-Amz-Expires=604800"} [2025-12-10 10:25:27.185] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:27.185] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:27.186] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:27.186] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:27.186] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:27.187] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:27.314] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362327313, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042424495342, "etime": 1726042424495342, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42299, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:25:27.314] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:27.314] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:27.314] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:30.292] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24625 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022529Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9d931965af8b3d5118a4d7cf536c549d176a09313122bc9bee8f6674f6fed012"} [2025-12-10 10:25:30.292] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:30.292] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:30.293] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:30.293] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:30.293] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:30.293] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:30.420] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362330419, "module": "anquanchu", "proto": 
"tls", "alerted": false, "details": [{"stime": 1726284531502049, "etime": 1726284531502049, "src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "src_port": 6945, "dest_port": 3389, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:25:30.420] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:25:33.395] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24626 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl?X-Amz-Signature=84bb48d3adb81017b74d229e720425505a716c723b78fca3555f3c964bf0d659&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022533Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:25:33.395] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:33.395] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:33.395] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:33.395] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:33.395] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:33.396] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:33.530] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, 
"timestamp": 1765362333529, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192027722279, "etime": 1726192027722279, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11237, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:25:33.530] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:25:36.497] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26286 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022536Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=b968153724fc77abb46504d895642ac8783bb218576e57bef7c41522be0f7c9f"} [2025-12-10 10:25:36.498] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:36.498] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:36.498] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:36.498] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:36.498] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:36.499] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:36.622] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362336622, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192280680886, "etime": 1726192280680886, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11657, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:25:36.622] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:25:39.628] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25050 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl?X-Amz-Signature=62a76d21983e8812b8036debf1808ae05dc87f477fab8ab10badfebb2bc2906f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022539Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:25:39.628] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:39.628] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:39.628] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:39.629] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:39.629] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:39.629] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:41.174] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765362341173, 
"module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1728732984898406, "etime": 1728732984898406, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34638, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733001100097, "etime": 1728733001100097, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34650, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732992945352, "etime": 1728732992945352, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34644, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733009149141, "etime": 1728733009149141, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34654, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733017255114, "etime": 1728733017255114, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34660, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733021311724, "etime": 1728733021311724, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34664, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733001046199, "etime": 1728733001046199, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34648, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732980786015, "etime": 1728732980786015, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34634, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732968632666, "etime": 1728732968632666, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34626, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732968633786, "etime": 1728732968633786, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34628, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732996996368, "etime": 1728732996996368, 
"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34646, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733005096552, "etime": 1728733005096552, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34652, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732972685662, "etime": 1728732972685662, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34630, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732988947171, "etime": 1728732988947171, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34642, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732984836648, "etime": 1728732984836648, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34636, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733017339526, "etime": 1728733017339526, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34662, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1728732988894486, "etime": 1728732988894486, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34640, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733025367250, "etime": 1728733025367250, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34666, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728732976735916, "etime": 1728732976735916, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34632, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1728733009223433, "etime": 1728733009223433, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34656, "dest_port": 8888, "protocol": "tls", "result": "Godzilla"}, {"stime": 1728733013200728, "etime": 1728733013200728, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 34658, "dest_port": 8888, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:25:41.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:25:41.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:41.174] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:42.759] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26287 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl?X-Amz-Expires=604800&X-Amz-Signature=e5703ebecc0d814e30798cd5b7836922815c953c27b9aa622dad4b3dc17238bb&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022542Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:25:42.759] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:42.759] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:42.760] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:42.760] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:42.760] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:42.760] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:44.264] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765362344263, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1728727783934142, "etime": 
1728727783934142, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56970, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727779878198, "etime": 1728727779878198, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56966, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727792039159, "etime": 1728727792039159, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56974, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727824470264, "etime": 1728727824470264, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56996, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727808243605, "etime": 1728727808243605, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56984, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727796089087, "etime": 1728727796089087, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56976, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727828524385, "etime": 1728727828524385, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57000, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727824545244, "etime": 1728727824545244, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56998, "dest_port": 7777, "protocol": "tls", "result": "Godzilla"}, {"stime": 1728727800139367, "etime": 1728727800139367, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56978, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727816420918, "etime": 1728727816420918, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56992, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727832578507, "etime": 1728727832578507, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57002, "dest_port": 7777, "protocol": 
"tls", "result": "Normal"}, {"stime": 1728727836633195, "etime": 1728727836633195, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57006, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727816358670, "etime": 1728727816358670, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56990, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727804191404, "etime": 1728727804191404, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56980, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727787988489, "etime": 1728727787988489, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56972, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727812295179, "etime": 1728727812295179, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56986, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727779880092, "etime": 1728727779880092, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56968, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727812358925, "etime": 1728727812358925, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56988, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727820416099, "etime": 1728727820416099, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56994, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1728727832656041, "etime": 1728727832656041, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57004, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1728727804249748, "etime": 1728727804249748, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 56982, "dest_port": 7777, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:25:44.264] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 
2|max_alert: 1000 [2025-12-10 10:25:44.264] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:44.264] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:45.895] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24627 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl?X-Amz-Date=20251210T022545Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=e0acd2f914a91ccff20ac8ce47c5b9b5ded0a1043b7d78eaf77a6e83001d4e22"} [2025-12-10 10:25:45.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:45.896] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:45.896] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:45.896] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:45.896] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:45.896] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:45.982] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362345981, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 
1725954694469871, "etime": 1725954694469871, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 20222, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:25:45.982] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:25:45.982] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:45.982] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:25:48.997] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26288 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl?X-Amz-Expires=604800&X-Amz-Signature=1fda204fbb422a7c2515c49fe08a855f173e77f31e150f8b32ef86d1bce682b7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022548Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:48.998] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:48.998] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:48.998] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:48.998] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:48.998] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:48.999] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:49.123] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362349123, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192068392442, "etime": 1726192068392442, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11237, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:25:49.123] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:25:52.101] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24628 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022551Z&X-Amz-Signature=62e32480ebb88bef3bcde278169ae8389200e03197ba1cbeb117c141f2ce7511&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:52.101] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:52.101] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:52.102] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:52.102] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:52.102] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:52.103] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:52.234] 
[DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362352233, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192105257091, "etime": 1726192105257091, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11333, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:25:52.234] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:25:55.231] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24629 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022554Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=e7ec626b060a6cf415251ed070bdaad9ba37d4f591ec5850032261a5b9791131&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:25:55.231] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:55.231] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:55.232] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:55.232] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:55.232] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:55.233] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:55.423] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765362355422, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726039121341960, "etime": 1726039121341960, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49204, "dest_port": 50050, "protocol": "tls", "result": "Normal"}, {"stime": 1726039128940134, "etime": 1726039128940134, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49205, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:25:55.423] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:25:58.427] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26289 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=78736b4a7d0af836f6d4693481fe1965cb443db6d0394f5f3f7a3f46486ef7a0&X-Amz-Date=20251210T022557Z&X-Amz-Expires=604800"} [2025-12-10 10:25:58.427] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:25:58.427] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:25:58.427] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:25:58.427] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:25:58.427] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:25:58.427] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:25:59.279] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl|result:{"code": 1, "total_count": 12, "abnormal_count": 11, "normal_count": 1, "alert_count": 11, "timestamp": 1765362359278, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814967196763, "etime": 1726814967196763, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51814, "dest_port": 446, "protocol": "tls", "result": "Antsword"}, {"stime": 1726814951753833, "etime": 1726814951753833, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51813, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726814707450913, "etime": 1726814707450913, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51802, "dest_port": 446, "protocol": "tls", "result": "Behinder"}, {"stime": 1726815043086014, "etime": 1726815043086014, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51817, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726814875856371, "etime": 1726814875856371, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51810, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726814815421540, "etime": 1726814815421540, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51808, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726814632001396, "etime": 1726814632001396, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51800, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726814723520596, "etime": 1726814723520596, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "src_port": 51804, "dest_port": 22, "protocol": "tls", "result": "Normal"}, 
{"stime": 1726814724556757, "etime": 1726814724556757, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51805, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726814799990987, "etime": 1726814799990987, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51807, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726815027628973, "etime": 1726815027628973, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51816, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726814891301072, "etime": 1726814891301072, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51811, "dest_port": 446, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:25:59.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 11|max_alert: 1000 [2025-12-10 10:25:59.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:59.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:26:01.561] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24630 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=eafc0d4b2922521c654396d02620e23de63fb41ea83759ac5154a58a0c43f2f5&X-Amz-Date=20251210T022601Z"} [2025-12-10 10:26:01.561] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:01.561] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:01.561] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:01.561] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:01.561] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:01.562] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:01.662] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362361662, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726039128940134, "etime": 1726039128940134, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49205, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:01.663] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:04.689] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24631 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022604Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8465b11a56a605bfa4ba4914814181f03ee7fbf9f8a5a3d4c8d208bf256504f0"} [2025-12-10 10:26:04.690] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:04.690] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:04.690] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:04.690] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:04.690] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:04.691] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:04.821] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362364820, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1725956188682291, "etime": 1725956188682291, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 23792, "dest_port": 443, "protocol": "tls", 
"result": "Behinder"}]} [2025-12-10 10:26:04.821] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:04.821] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:04.821] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:26:07.793] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26290 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl?X-Amz-Date=20251210T022607Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5ff33f6bfdbb39698019c2fea13b96734c6f19873652ffc7f792e0b5e3545a3d&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:26:07.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:07.793] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:07.793] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:07.793] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:07.793] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:07.794] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:07.923] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 
0, "timestamp": 1765362367922, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192241565192, "etime": 1726192241565192, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11500, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:07.923] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:10.923] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26291 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=dd3c1e7682b6d8de4869a67ddf8688969d53bbe09805621664b1e81950509ffa&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022610Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:26:10.923] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:10.923] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:10.924] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:10.924] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:10.924] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:10.925] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:11.054] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl|result:{"code": 1, "total_count": 1, 
"abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362371053, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042297514577, "etime": 1726042297514577, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42110, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:26:11.054] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:11.054] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:11.054] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:26:14.056] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26292 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=43a7ddfdc4fde5b457cb08f059f840a8a9137b0547c4ed92590f0c31e2a7f5e5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022613Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:26:14.056] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:14.056] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:14.056] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:14.056] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:14.056] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:14.057] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:14.185] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362374184, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051942266768, "etime": 1726051942266768, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50532, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:26:14.185] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:14.185] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:14.185] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:26:17.190] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26293 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=28154547406145964f2230d98583b4b4c77f00e084be021c9f75cbd90483748d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022616Z"} [2025-12-10 10:26:17.190] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:17.190] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:17.190] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:17.191] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:17.191] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:17.191] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:17.322] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362377321, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051942266768, "etime": 1726051942266768, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50532, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:26:17.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:17.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:17.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:26:20.293] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26294 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl?X-Amz-Date=20251210T022619Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e7b3c04060b270820fdea56f109a0087188607bd1c2d4332892d786c9eeddebb&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:26:20.293] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:20.293] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:20.293] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:20.293] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:20.293] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:20.294] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:20.414] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362380414, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192308674125, "etime": 1726192308674125, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11657, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:20.414] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:23.425] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25051 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl?X-Amz-Signature=47c60aeed415a95f413e1a023423e7ed2cea5de3ca0329de71f24a193b3f3ec7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022622Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:26:23.425] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:23.425] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:23.425] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:23.425] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:23.425] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:23.426] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:23.556] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362383556, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051899688726, "etime": 1726051899688726, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50530, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:26:23.557] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) 
cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:23.557] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:23.557] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:26:26.549] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25052 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=2f523cbe186366c74654d477213f55a6a1d36cdc4fd2d394106204048ec72e30&X-Amz-Date=20251210T022626Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:26:26.549] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:26.550] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:26.550] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:26.550] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:26.550] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:26.551] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:26.682] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362386682, "module": 
"anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726051899688726, "etime": 1726051899688726, "src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "src_port": 50530, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:26:26.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:26.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:26.682] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:26:29.654] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26295 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f3e8dd32acfebd85836e496aa602df69cae0e8fb91fd5a805f3abbe088621cdc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022629Z"} [2025-12-10 10:26:29.654] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:29.654] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:29.654] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:29.654] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:29.654] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:29.655] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:29.787] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362389786, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726042454524772, "etime": 1726042454524772, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42299, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:29.787] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:32.784] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24632 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022632Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d6540782ff5c4af6eb5c30448fa83bff8be7bece50123a43e05e844b12c074ab"} [2025-12-10 10:26:32.785] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:32.785] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:32.785] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:32.785] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:32.785] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:32.786] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:34.970] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl|result:{"code": 0, "total_count": 30, "abnormal_count": 0, "normal_count": 30, "alert_count": 0, "timestamp": 1765362394969, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212587668450, "etime": 1726212587668450, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50106, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212598854624, "etime": 1726212598854624, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50119, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212588686451, "etime": 1726212588686451, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50107, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212595810129, "etime": 1726212595810129, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50115, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212582577974, "etime": 1726212582577974, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50099, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212590734115, "etime": 1726212590734115, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50110, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212594793021, "etime": 1726212594793021, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50114, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212584613315, "etime": 1726212584613315, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50102, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212585629755, "etime": 1726212585629755, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50103, "dest_port": 
51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212600874625, "etime": 1726212600874625, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50121, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212593777231, "etime": 1726212593777231, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50113, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212590720531, "etime": 1726212590720531, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50109, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212591744685, "etime": 1726212591744685, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50111, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212586663995, "etime": 1726212586663995, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50105, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212582592630, "etime": 1726212582592630, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50100, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212579519747, "etime": 1726212579519747, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50095, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212589703128, "etime": 1726212589703128, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50108, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212571469267, "etime": 1726212571469267, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50093, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212596821143, "etime": 1726212596821143, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50117, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 
1726212580538940, "etime": 1726212580538940, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50096, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212575493736, "etime": 1726212575493736, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50094, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212592759714, "etime": 1726212592759714, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50112, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212595828770, "etime": 1726212595828770, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50116, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212597836036, "etime": 1726212597836036, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50118, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212581556878, "etime": 1726212581556878, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50097, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212599864464, "etime": 1726212599864464, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50120, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212586649881, "etime": 1726212586649881, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50104, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212581573068, "etime": 1726212581573068, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50098, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212583597410, "etime": 1726212583597410, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50101, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212571468512, "etime": 1726212571468512, "src_ip": 
"192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50092, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:34.970] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:35.906] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26296 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl?X-Amz-Signature=9dc87a7cac9aec2ff3a140b98c7c521d2e248fc2d546911db62a018d721f1016&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022635Z"} [2025-12-10 10:26:35.906] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:35.906] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:35.906] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:35.906] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:35.906] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:35.907] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:36.059] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl|result:{"code": 1, "total_count": 2, "abnormal_count": 1, "normal_count": 1, "alert_count": 1, "timestamp": 1765362396059, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726044661703336, "etime": 1726044661703336, "src_ip": "192.168.88.30", 
"dest_ip": "192.168.88.22", "src_port": 49260, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}, {"stime": 1726044658246049, "etime": 1726044658246049, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49259, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:36.059] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:36.059] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:36.059] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:26:39.033] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26297 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022638Z&X-Amz-Expires=604800&X-Amz-Signature=f6a5a0b47fcd4b0e3cc9b29b81386b3c210c9d1462ac5d1e0e58e059b20e00ba&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:26:39.033] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:39.033] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:39.033] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:39.033] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:39.033] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:39.034] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 10:26:39.138] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362399137, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726044661703336, "etime": 1726044661703336, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49260, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:26:39.138] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:39.138] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:39.138] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:26:42.135] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26298 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022641Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b6abcdfea66f44b515cf886a2cc06e7290fad64e7e11878c92e3e584d87550ac"} [2025-12-10 10:26:42.135] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:42.135] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:42.135] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 10:26:42.135] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:42.135] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:42.136] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:42.261] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362402261, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726715820091771, "etime": 1726715820091771, "src_ip": "192.168.0.3", "dest_ip": "192.168.0.202", "src_port": 62448, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:42.261] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:45.263] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24633 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022644Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=497fa29cb8053e53edcbdcd030b88e626d15a8041bdc758c584fe866672f0aee"} [2025-12-10 10:26:45.263] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:45.263] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:45.264] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:45.264] 
[INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:45.264] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:45.265] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:45.528] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl|result:{"code": 1, "total_count": 3, "abnormal_count": 1, "normal_count": 2, "alert_count": 1, "timestamp": 1765362405528, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726043311975271, "etime": 1726043311975271, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49234, "dest_port": 50050, "protocol": "tls", "result": "Normal"}, {"stime": 1726043317835800, "etime": 1726043317835800, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49236, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}, {"stime": 1726043314857611, "etime": 1726043314857611, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49235, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:45.528] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:45.528] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:45.528] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:26:48.392] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24634 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl?X-Amz-Date=20251210T022647Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6f2c514352d4a715c4cfb58c7a0cc946b963c73c005397f94b850c91f1cd0593&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:26:48.392] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:48.392] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:48.392] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:48.392] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:48.392] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:48.393] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:50.338] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl|result:{"code": 0, "total_count": 28, "abnormal_count": 0, "normal_count": 28, "alert_count": 0, "timestamp": 1765362410338, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212527181009, "etime": 1726212527181009, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50070, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212537362415, "etime": 1726212537362415, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50082, "dest_port": 51129, "protocol": "tls", "result": 
"Normal"}, {"stime": 1726212546521385, "etime": 1726212546521385, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50091, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212534307584, "etime": 1726212534307584, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50079, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212530226465, "etime": 1726212530226465, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50074, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212538379312, "etime": 1726212538379312, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50083, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212535326495, "etime": 1726212535326495, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50080, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212544485194, "etime": 1726212544485194, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50089, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212531261814, "etime": 1726212531261814, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50076, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212514096211, "etime": 1726212514096211, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50064, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212539396437, "etime": 1726212539396437, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50084, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212541432153, "etime": 1726212541432153, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50086, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212526148172, "etime": 1726212526148172, 
"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50068, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212514096975, "etime": 1726212514096975, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50065, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212528186557, "etime": 1726212528186557, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50071, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212529204194, "etime": 1726212529204194, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50072, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212536345034, "etime": 1726212536345034, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50081, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212542451876, "etime": 1726212542451876, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50087, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212543467688, "etime": 1726212543467688, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50088, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212531245138, "etime": 1726212531245138, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50075, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212522123277, "etime": 1726212522123277, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50067, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212518109192, "etime": 1726212518109192, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50066, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212532266152, "etime": 1726212532266152, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", 
"src_port": 50077, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212533288130, "etime": 1726212533288130, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50078, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212527165999, "etime": 1726212527165999, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50069, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212540412448, "etime": 1726212540412448, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50085, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212545501989, "etime": 1726212545501989, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50090, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212529218840, "etime": 1726212529218840, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50073, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:50.338] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:51.513] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26299 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1d89cb6e95db01a853c991b21c38b2a5084d6b6f85af7ed440063409dc220655&X-Amz-Expires=604800&X-Amz-Date=20251210T022650Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:26:51.513] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:51.513] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:51.513] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:51.513] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:51.513] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:51.513] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:51.580] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362411579, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726043317835800, "etime": 1726043317835800, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49236, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:26:51.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:51.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:51.580] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:26:54.648] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24635 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl?X-Amz-Signature=a8a7fc5d64e6e0b93851bd61380c5aa8355c9f99ca2a9e4173dcfa5795051424&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022654Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:26:54.648] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:54.648] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:54.648] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:54.648] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:54.648] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:54.648] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:56.554] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl|result:{"code": 0, "total_count": 29, "abnormal_count": 0, "normal_count": 29, "alert_count": 0, "timestamp": 1765362416553, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726211043376481, "etime": 1726211043376481, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49784, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211055629036, "etime": 1726211055629036, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49798, "dest_port": 51129, "protocol": "tls", 
"result": "Normal"}, {"stime": 1726211056645267, "etime": 1726211056645267, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49799, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211049526381, "etime": 1726211049526381, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49791, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211039297462, "etime": 1726211039297462, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49779, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211036253086, "etime": 1726211036253086, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49775, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211057658587, "etime": 1726211057658587, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49800, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211048500678, "etime": 1726211048500678, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49790, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211043391833, "etime": 1726211043391833, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49785, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211054616249, "etime": 1726211054616249, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49797, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211052585127, "etime": 1726211052585127, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49795, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211050546788, "etime": 1726211050546788, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49793, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211037267067, "etime": 
1726211037267067, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49776, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211049543000, "etime": 1726211049543000, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49792, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211042361228, "etime": 1726211042361228, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49783, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211047470135, "etime": 1726211047470135, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49789, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211044391973, "etime": 1726211044391973, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49786, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211038285199, "etime": 1726211038285199, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49778, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211037284438, "etime": 1726211037284438, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49777, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211032231901, "etime": 1726211032231901, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49774, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211053603719, "etime": 1726211053603719, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49796, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211040309461, "etime": 1726211040309461, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49780, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211051561447, "etime": 1726211051561447, "src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.135", "src_port": 49794, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211028212265, "etime": 1726211028212265, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49773, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211041335017, "etime": 1726211041335017, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49781, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211046438447, "etime": 1726211046438447, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49788, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211041352155, "etime": 1726211041352155, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49782, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211028211394, "etime": 1726211028211394, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49772, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726211045421671, "etime": 1726211045421671, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49787, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:26:56.554] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:26:57.774] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24636 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl?X-Amz-Date=20251210T022657Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8ac111685f7363ca83c82fd447db1bddb13687b44ed0bf47175709248d89f3f1"} [2025-12-10 10:26:57.774] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:26:57.774] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:26:57.774] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:26:57.774] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:26:57.774] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:26:57.775] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:26:57.861] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362417860, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042715698101, "etime": 1726042715698101, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49227, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:26:57.861] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:26:57.861] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:57.861] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:27:00.904] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24637 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022700Z&X-Amz-Signature=2fab46be68d8f526f6c1c9e94d84f6c196063a63417b9c5e8f9c59c410b34b1d&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:00.904] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:00.904] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:00.904] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:00.905] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:00.905] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:00.906] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:01.036] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362421035, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042715698101, "etime": 1726042715698101, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49227, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:27:01.036] [INFO] [tid:127829042783936] 
(KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:01.036] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:01.036] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:04.028] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26300 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=22d2f83567671f8c1969a4fc648af257557a9269a94519008824fdf5bd965170&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022703Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:04.028] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:04.028] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:04.028] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:04.028] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:04.029] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:04.029] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:04.159] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362424158, "module": "anquanchu", "proto": "tls", 
"alerted": true, "details": [{"stime": 1726018395575615, "etime": 1726018395575615, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11978, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:04.159] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:04.159] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:04.159] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:07.131] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26301 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=0c9957324b40d030891c6b6a21d90b938990a0ec4518622c12b4b91dab109f34&X-Amz-Date=20251210T022706Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:27:07.131] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:07.131] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:07.131] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:07.131] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:07.131] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:07.132] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:07.264] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362427263, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193238236869, "etime": 1726193238236869, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13132, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:27:07.264] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:27:10.254] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24638 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl?X-Amz-Date=20251210T022709Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b0a2233222e36770df658eaa17c0e065e90d7a5cff58236546484c5d343d1468&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:27:10.254] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:10.254] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:10.254] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:10.254] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:10.254] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:10.256] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 
[2025-12-10 10:27:10.387] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362430387, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726308806534538, "etime": 1726308806534538, "src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "src_port": 43319, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:27:10.387] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:10.387] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:10.387] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:13.356] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24639 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl?X-Amz-Date=20251210T022712Z&X-Amz-SignedHeaders=host&X-Amz-Signature=29e9198465be131959552da8a8671117b24f04b49d8ba84cef20a09ee0f8fba3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:27:13.357] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:13.357] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:13.357] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 10:27:13.357] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:13.357] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:13.358] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:13.486] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362433486, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193406870934, "etime": 1726193406870934, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13351, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:27:13.486] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:27:16.481] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26302 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=6350b028977673f80f4f35b9011bbbb6dc574f4df4d67f9e7962f08676c808f6&X-Amz-Date=20251210T022715Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:27:16.481] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:16.481] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:16.481] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:16.481] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:16.481] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:16.482] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:17.657] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl|result:{"code": 1, "total_count": 16, "abnormal_count": 2, "normal_count": 14, "alert_count": 2, "timestamp": 1765362437657, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1728733285253028, "etime": 1728733285253028, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54696, "dest_port": 9999, "protocol": "tls", "result": "Godzilla"}, {"stime": 1728733285185876, "etime": 1728733285185876, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54694, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733281133339, "etime": 1728733281133339, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54690, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733260869153, "etime": 1728733260869153, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54676, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733281188847, "etime": 1728733281188847, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54692, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733297345852, "etime": 1728733297345852, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54704, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733273084362, "etime": 1728733273084362, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54684, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733264919326, "etime": 1728733264919326, "src_ip": 
"172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54678, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733273025714, "etime": 1728733273025714, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54682, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733277137125, "etime": 1728733277137125, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54688, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733277080836, "etime": 1728733277080836, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54686, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733289237690, "etime": 1728733289237690, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54698, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733293292806, "etime": 1728733293292806, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54702, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733289309790, "etime": 1728733289309790, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54700, "dest_port": 9999, "protocol": "tls", "result": "Antsword"}, {"stime": 1728733260868074, "etime": 1728733260868074, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54674, "dest_port": 9999, "protocol": "tls", "result": "Normal"}, {"stime": 1728733268975367, "etime": 1728733268975367, "src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "src_port": 54680, "dest_port": 9999, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:27:17.657] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:27:17.657] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:17.657] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:27:19.606] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24640 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022719Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=937c980b792c611f000cfcde969c72360449dcaa345c5771609e77c90255e01a"} [2025-12-10 10:27:19.606] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:19.606] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:19.606] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:19.606] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:19.606] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:19.607] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:19.684] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362439684, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041863636984, "etime": 1726041863636984, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 41203, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:19.684] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:19.684] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:19.684] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:22.737] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25053 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022722Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=669b59808a16b559b345816f4dfd578dc12fe8ae642508290b0230a347a171f7&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:27:22.737] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:22.737] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:22.737] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:22.738] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:22.738] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:22.738] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:22.862] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362442861, "module": "anquanchu", 
"proto": "tls", "alerted": true, "details": [{"stime": 1726018232318333, "etime": 1726018232318333, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11615, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:22.862] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:22.862] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:22.862] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:25.860] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26303 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl?X-Amz-Signature=73a2c6d73d9d788ba3dd49a01f4dab865fc0a4d3fadf3ed753989b0865d5278e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022725Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:25.860] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:25.861] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:25.861] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:25.861] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:25.861] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:25.861] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:25.944] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362445944, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018528632697, "etime": 1726018528632697, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 12244, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:25.944] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:25.944] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:25.944] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:28.983] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25054 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=41b7395223400982eb1a982df4a751be88ef681d92db4a8014c8e07bb52425f7&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022728Z"} [2025-12-10 10:27:28.983] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:28.983] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:28.983] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:28.983] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func 
load [2025-12-10 10:27:28.983] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:28.984] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:29.109] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362449108, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018273302711, "etime": 1726018273302711, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11799, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:29.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:29.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:29.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:27:32.086] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24641 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f5db9702cfd4623b46ad6d5c40155fdc62bb3413859a04a8a27bdd821b42be1e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022731Z"} [2025-12-10 10:27:32.086] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:32.086] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:32.086] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:32.086] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:32.086] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:32.087] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:32.209] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362452208, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193199095854, "etime": 1726193199095854, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13086, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 
10:27:32.209] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:27:35.203] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25055 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022734Z&X-Amz-Signature=cd1cbf50e7dfb0b2b6ec4a174d3a729796d2dd818e397a553412565676ebaf95&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:35.204] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:35.204] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:35.204] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:35.204] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:35.204] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:35.205] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:35.332] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362455331, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018573877390, "etime": 1726018573877390, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 12297, 
"dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:35.332] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:35.332] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:35.332] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:38.307] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24642 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022737Z&X-Amz-SignedHeaders=host&X-Amz-Signature=086299c0b1cd787fc8d5b0e503919195b705d3f2d7c8bcb288703cfa51a16918"} [2025-12-10 10:27:38.307] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:38.307] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:38.307] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:38.307] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:38.307] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:38.308] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:38.437] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl|result:{"code": 0, "total_count": 1, 
"abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362458436, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192481724122, "etime": 1726192481724122, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11912, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:27:38.437] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:27:41.431] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24643 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl?X-Amz-Signature=2b4e843e06c11c4d6fca3bf66881b2060c22641db9063a136294f1542fbdaacc&X-Amz-Expires=604800&X-Amz-Date=20251210T022740Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:41.431] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:41.431] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:41.431] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:41.431] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:41.431] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:41.432] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:41.562] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362461562, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041812803482, "etime": 1726041812803482, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 41141, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:41.562] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:41.562] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:41.562] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:44.553] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24644 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022744Z&X-Amz-Expires=604800&X-Amz-Signature=9b339b4b7a6a66737e7c7b69fcfd6519c7622949f1ab5698928799523c6a3eea"} [2025-12-10 10:27:44.554] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:44.554] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:44.554] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:44.554] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:27:44.554] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:44.555] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:44.683] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362464683, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042754623566, "etime": 1726042754623566, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42840, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-10 10:27:44.683] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:44.683] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:44.684] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:27:47.656] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25056 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl?X-Amz-Date=20251210T022747Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6dd897e2cbeaa603cc00c752368d83e3b1799ad849b2d777f5be16ec7620d8a6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:27:47.656] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:47.656] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:47.656] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:47.656] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:47.656] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:47.657] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:47.783] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362467782, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193375183616, "etime": 1726193375183616, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13302, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:27:47.783] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:27:50.758] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26304 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cebb1b5b016f46df97dbdbd70ce75fc57cbc10240c4924c7f29c3b91a1bd50f4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022750Z"} [2025-12-10 10:27:50.759] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:50.759] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:50.759] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:50.759] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:50.759] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:50.760] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:50.893] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362470892, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193427780413, "etime": 1726193427780413, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13377, "dest_port": 80, "protocol": "tls", 
"result": "Normal"}]} [2025-12-10 10:27:50.893] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:27:53.880] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24645 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022753Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=04f887981bb6037494ea8bb7b561fe7289c0dfb4343d60f69ae4254e4d36aea6"} [2025-12-10 10:27:53.880] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:53.880] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:53.880] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:53.880] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:53.880] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:53.881] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:54.006] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362474006, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726018573503701, "etime": 1726018573503701, "src_ip": "192.168.52.1", "dest_ip": 
"192.168.52.129", "src_port": 12295, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:54.007] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:54.007] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:54.007] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:27:57.003] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25057 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ce0a9262cb45b68fafe646e03bca9748ad84cff6fe28669b4579555e511dd423&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022756Z"} [2025-12-10 10:27:57.003] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:27:57.003] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:27:57.003] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:27:57.003] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:27:57.003] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:27:57.004] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:27:57.137] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, 
"timestamp": 1765362477137, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726040971188333, "etime": 1726040971188333, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49222, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:27:57.137] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:27:57.137] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:57.137] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:00.128] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25058 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=a92ab03ea80c69010aa21f43ad27363323f680b89fc71959f1b4711b0b3901a6&X-Amz-Date=20251210T022759Z"} [2025-12-10 10:28:00.128] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:00.128] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:00.128] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:00.128] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:00.129] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:00.129] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 
10:28:00.261] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362480260, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726040971188333, "etime": 1726040971188333, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49222, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:00.261] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:00.261] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:00.261] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:03.259] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25059 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl?X-Amz-Expires=604800&X-Amz-Signature=874821d090558c628295b58377aa1200f507b4a5289f577b9ae96b3a884b441a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022802Z"} [2025-12-10 10:28:03.259] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:03.259] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:03.259] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:03.259] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:28:03.259] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:03.260] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:06.033] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl|result:{"code": 1, "total_count": 38, "abnormal_count": 36, "normal_count": 2, "alert_count": 36, "timestamp": 1765362486032, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726233552010596, "etime": 1726233552010596, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50186, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233566440524, "etime": 1726233566440524, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50208, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233557360756, "etime": 1726233557360756, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50194, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233593319869, "etime": 1726233593319869, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50234, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233571808339, "etime": 1726233571808339, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50216, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233553586064, "etime": 1726233553586064, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50188, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233561738302, "etime": 1726233561738302, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50202, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233575581838, 
"etime": 1726233575581838, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50222, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233586279279, "etime": 1726233586279279, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50228, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726233550449930, "etime": 1726233550449930, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50184, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233559544722, "etime": 1726233559544722, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50198, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233587812092, "etime": 1726233587812092, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233593903940, "etime": 1726233593903940, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50235, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726233598498496, "etime": 1726233598498496, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50238, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233486051893, "etime": 1726233486051893, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50176, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233563288915, "etime": 1726233563288915, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50204, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233590261447, "etime": 1726233590261447, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233595410377, "etime": 1726233595410377, "src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.31", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233578732746, "etime": 1726233578732746, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50226, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233588754292, "etime": 1726233588754292, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726233554209336, "etime": 1726233554209336, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50190, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726233600558131, "etime": 1726233600558131, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50240, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233546660830, "etime": 1726233546660830, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50178, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233555801386, "etime": 1726233555801386, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233561105650, "etime": 1726233561105650, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50200, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233567092078, "etime": 1726233567092078, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50210, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726233596938711, "etime": 1726233596938711, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233557983928, "etime": 1726233557983928, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50196, "dest_port": 443, 
"protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233570246708, "etime": 1726233570246708, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50214, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233577174516, "etime": 1726233577174516, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50224, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233564864363, "etime": 1726233564864363, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50206, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233591790814, "etime": 1726233591790814, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50233, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233568686705, "etime": 1726233568686705, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50212, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233548250317, "etime": 1726233548250317, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50180, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233574012001, "etime": 1726233574012001, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50220, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726233600026989, "etime": 1726233600026989, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233548871417, "etime": 1726233548871417, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50182, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726233573397816, "etime": 1726233573397816, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "src_port": 50218, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} 
[2025-12-10 10:28:06.033] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 36|max_alert: 1000 [2025-12-10 10:28:06.033] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:06.033] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:06.380] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24646 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022805Z&X-Amz-Signature=1429c5902aabed215f41a571462695d3194fcc35c2e59ead4bd5f41724281ed4&X-Amz-SignedHeaders=host"} [2025-12-10 10:28:06.380] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:06.380] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:06.380] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:06.380] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:06.380] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:06.381] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:06.459] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 
1, "timestamp": 1765362486458, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041741791081, "etime": 1726041741791081, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 41044, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:06.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:06.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:06.459] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:09.505] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26305 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022809Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3e26f88b521f6091c327add8d462aacc33cc58c0dd2f1372934421ec41543504"} [2025-12-10 10:28:09.505] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:09.505] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:09.506] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:09.506] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:09.506] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:09.507] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:09.631] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362489631, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041711735073, "etime": 1726041711735073, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 41006, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:09.631] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:09.631] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:09.631] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:12.631] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25060 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022812Z&X-Amz-Signature=8b3905547ce8f214e92c97e3d21dd07d8f425cc4d8bc9b830247585bacf21d9a"} [2025-12-10 10:28:12.632] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:12.632] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:12.632] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn 
[2025-12-10 10:28:12.632] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:12.632] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:12.633] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:12.761] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362492761, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042728016653, "etime": 1726042728016653, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42804, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:12.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:12.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:12.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:28:15.755] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26306 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022815Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e655e56e8069012c0fdd49ee8c606850689ea5c32d11d236fe091200882dede3&X-Amz-Expires=604800"} [2025-12-10 10:28:15.755] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:15.755] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:15.755] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:15.755] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:15.755] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:15.756] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:16.895] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl|result:{"code": 1, "total_count": 15, "abnormal_count": 2, "normal_count": 13, "alert_count": 2, "timestamp": 1765362496895, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1728728640674907, "etime": 1728728640674907, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57782, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728648717212, "etime": 1728728648717212, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57788, "dest_port": 6666, "protocol": "tls", "result": 
"Normal"}, {"stime": 1728728628433317, "etime": 1728728628433317, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57770, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728632488685, "etime": 1728728632488685, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57772, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728644664961, "etime": 1728728644664961, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57784, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728636618307, "etime": 1728728636618307, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57778, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728620330066, "etime": 1728728620330066, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57764, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728624383336, "etime": 1728728624383336, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57768, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728648786147, "etime": 1728728648786147, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57790, "dest_port": 6666, "protocol": "tls", "result": "Antsword"}, {"stime": 1728728632563415, "etime": 1728728632563415, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57774, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728636558485, "etime": 1728728636558485, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57776, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728620331297, "etime": 1728728620331297, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57766, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728652773977, "etime": 1728728652773977, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", 
"src_port": 57792, "dest_port": 6666, "protocol": "tls", "result": "Normal"}, {"stime": 1728728644735538, "etime": 1728728644735538, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57786, "dest_port": 6666, "protocol": "tls", "result": "Godzilla"}, {"stime": 1728728640611752, "etime": 1728728640611752, "src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "src_port": 57780, "dest_port": 6666, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:28:16.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:28:16.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:16.896] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:18.877] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26307 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl?X-Amz-Signature=94582d8d432f7871c390d16490cda0b9e10ab9b780971608e8b3accd07c3d1b1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022818Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:28:18.877] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:18.877] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:18.877] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:18.878] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:18.878] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 10:28:18.878] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:18.968] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362498967, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042673539315, "etime": 1726042673539315, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42735, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:18.968] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:18.968] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:18.968] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:28:21.980] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24647 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022821Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4c8840c84f91252ad7e04331995d441c3aa7b10baae220b1d4ee89b1a34effc4"} [2025-12-10 10:28:21.980] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:21.980] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:21.980] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:21.980] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:21.980] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:21.981] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:22.111] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362502110, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726193257556220, "etime": 1726193257556220, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 13160, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:28:22.111] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:28:25.080] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25061 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022824Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1f1ef91002984373f5823a2b9004e9bcb93eacde24013794b715bac42e722d68"} [2025-12-10 10:28:25.080] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:25.080] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:25.080] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:25.081] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:25.081] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:25.082] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:25.211] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362505210, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192508859470, "etime": 1726192508859470, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11943, "dest_port": 
80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:28:25.211] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:28:28.201] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24648 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=5d4e2e5bc63bbf53e427bf8485db55715ac88fe7aa6ef5efb0761568507ee1fd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022827Z"} [2025-12-10 10:28:28.201] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:28.201] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:28.201] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:28.202] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:28.202] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:28.202] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:28.325] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362508324, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1725956945714364, "etime": 1725956945714364, "src_ip": 
"192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 25201, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:28.325] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:28.325] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:28.325] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:31.322] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24649 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl?X-Amz-Signature=94d7dc46905fa44705c68acb26b927f448df54bce7119b520b43244a30e34779&X-Amz-Date=20251210T022830Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:28:31.322] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:31.322] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:31.322] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:31.322] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:31.322] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:31.323] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:31.433] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362511433, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042647731014, "etime": 1726042647731014, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42702, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:31.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:31.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:31.433] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:34.424] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26308 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=01c3e3173e18ad216e7a072180a75c32272d880c2948ae291d4ec6f0315626cd&X-Amz-Date=20251210T022833Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:28:34.424] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:34.424] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:34.424] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:34.424] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:28:34.424] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:34.425] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:34.550] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362514549, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726192452777119, "etime": 1726192452777119, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 11875, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:28:34.550] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:28:37.544] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25062 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl?X-Amz-Date=20251210T022837Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=7717db352ffa41971b74b109ececce85fb8a53c7c5987c237ceb8344aca3ccb4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:28:37.544] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:37.544] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:37.544] [INFO] [tid:127829042783936] 
(AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:37.544] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:37.544] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:37.545] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:37.674] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362517674, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1725955214223561, "etime": 1725955214223561, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 21125, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:37.674] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:37.674] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:37.674] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:28:40.659] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25063 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e4b6e4ecc99a147b0278b150a9fd6714cc7528fc3b42b017fc049c25ebdbedb9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022840Z"} [2025-12-10 10:28:40.659] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:40.659] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:40.660] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:40.660] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:40.660] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:40.661] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:40.790] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362520789, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041840473148, "etime": 1726041840473148, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 41174, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:40.790] 
[INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:40.790] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:40.790] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:43.788] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25064 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022843Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=567c5c6dc89c7e2c67c4b15c6a714d21e23636c985722ec43653513bc115ae34"} [2025-12-10 10:28:43.788] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:43.788] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:43.788] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:43.788] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:43.788] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:43.789] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:45.400] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl|result:{"code": 0, "total_count": 22, "abnormal_count": 0, "normal_count": 22, "alert_count": 0, "timestamp": 1765362525399, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726212476564231, "etime": 1726212476564231, "src_ip": "192.168.112.141", 
"dest_ip": "192.168.112.139", "src_port": 50046, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212464489757, "etime": 1726212464489757, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50042, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212482612104, "etime": 1726212482612104, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50049, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212468510725, "etime": 1726212468510725, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50044, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212481599366, "etime": 1726212481599366, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50048, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212485665317, "etime": 1726212485665317, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50054, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212486682461, "etime": 1726212486682461, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50055, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212483630297, "etime": 1726212483630297, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50051, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212482627885, "etime": 1726212482627885, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50050, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212488721423, "etime": 1726212488721423, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50058, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212472536318, "etime": 1726212472536318, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50045, "dest_port": 51129, 
"protocol": "tls", "result": "Normal"}, {"stime": 1726212491772676, "etime": 1726212491772676, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50061, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212480588982, "etime": 1726212480588982, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50047, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212490762281, "etime": 1726212490762281, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50060, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212492784191, "etime": 1726212492784191, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50062, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212484648782, "etime": 1726212484648782, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50053, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212483646159, "etime": 1726212483646159, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50052, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212489744393, "etime": 1726212489744393, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50059, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212487698808, "etime": 1726212487698808, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50056, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212464490580, "etime": 1726212464490580, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50043, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212487715994, "etime": 1726212487715994, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50057, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726212493798340, 
"etime": 1726212493798340, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "src_port": 50063, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:28:45.400] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:28:46.908] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26309 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=025ee92a72593edc902d341f70d70e50beb4152f8429c8269084e409119293be&X-Amz-Expires=604800&X-Amz-Date=20251210T022846Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:28:46.908] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:46.908] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:46.908] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:46.908] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:46.908] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:46.908] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:46.995] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 
1765362526994, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726041616292738, "etime": 1726041616292738, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 40774, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:28:46.995] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:46.995] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:46.995] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:50.030] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24650 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022849Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=01030e2a5e4e8eb4eec0c17ebecf75bf81f6f21795588ba552da952f50225a2e"} [2025-12-10 10:28:50.030] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:50.030] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:50.031] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:50.031] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:50.031] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:50.032] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:51.642] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl|result:{"code": 0, "total_count": 22, "abnormal_count": 0, "normal_count": 22, "alert_count": 0, "timestamp": 1765362531641, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726210699317398, "etime": 1726210699317398, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49754, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210699316862, "etime": 1726210699316862, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49753, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210647031214, "etime": 1726210647031214, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49735, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210687234098, "etime": 1726210687234098, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49746, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210675183620, "etime": 1726210675183620, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49743, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210667142830, "etime": 1726210667142830, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49741, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210683215684, "etime": 1726210683215684, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49745, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210655082578, "etime": 1726210655082578, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49738, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210702325043, "etime": 1726210702325043, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49755, "dest_port": 
51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210693265454, "etime": 1726210693265454, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49749, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210647032079, "etime": 1726210647032079, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49736, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210651054862, "etime": 1726210651054862, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49737, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210690248910, "etime": 1726210690248910, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49747, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210690270222, "etime": 1726210690270222, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49748, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210696301685, "etime": 1726210696301685, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49751, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210705339329, "etime": 1726210705339329, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49756, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210696284458, "etime": 1726210696284458, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49750, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210663129623, "etime": 1726210663129623, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49740, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210659103958, "etime": 1726210659103958, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49739, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 
1726210671169962, "etime": 1726210671169962, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49742, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210679195418, "etime": 1726210679195418, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49744, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1726210699301143, "etime": 1726210699301143, "src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "src_port": 49752, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:28:51.642] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:28:53.153] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26310 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022852Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=0103c0e344b9a460b06f8ea80652c95c94ba46969e93b4f74a1c4c5fe2a8e065"} [2025-12-10 10:28:53.154] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:53.154] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:53.154] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:53.154] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:53.154] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:53.155] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:53.243] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362533242, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726042775709648, "etime": 1726042775709648, "src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "src_port": 42866, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:28:53.243] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:28:53.243] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:53.243] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:28:56.260] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26311 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl?X-Amz-Date=20251210T022855Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8b11ce29c247f48535db82d29d67eaed8f995fbff1a5ebf1a9ad74c64d9123f1&X-Amz-Expires=604800"} [2025-12-10 10:28:56.260] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:56.260] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:56.260] 
[INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:56.260] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:56.261] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:28:56.261] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:28:56.270] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765362536269, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:28:56.270] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:28:59.733] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24651 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl?X-Amz-Signature=76c50338643d21458c91e62faba9a67e8b5d15223822ec2562d48a2bae9f5a37&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022859Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:28:59.733] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:28:59.733] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:28:59.734] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:28:59.734] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:28:59.734] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 10:28:59.734] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:29:22.792] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl|result:{"code": 1, "total_count": 323, "abnormal_count": 1, "normal_count": 322, "alert_count": 1, "timestamp": 1765362562788, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727074047544464, "etime": 1727074047544464, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50056, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073843309844, "etime": 1727073843309844, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49859, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074102766517, "etime": 1727074102766517, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50109, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073847498298, "etime": 1727073847498298, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49863, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073986995521, "etime": 1727073986995521, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49998, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074020419346, "etime": 1727074020419346, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50030, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073992201863, "etime": 1727073992201863, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50003, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074062138646, "etime": 1727074062138646, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50070, "dest_port": 4143, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727073844355779, "etime": 1727073844355779, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49860, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073979702350, "etime": 1727073979702350, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49991, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074046501251, "etime": 1727074046501251, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50055, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073858955599, "etime": 1727073858955599, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49874, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073877749450, "etime": 1727073877749450, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49893, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074160222277, "etime": 1727074160222277, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50165, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073867283541, "etime": 1727073867283541, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49882, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074085061975, "etime": 1727074085061975, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50092, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073931893195, "etime": 1727073931893195, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49945, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074009982021, "etime": 1727074009982021, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50020, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073977623573, "etime": 1727073977623573, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "src_port": 49989, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073982810712, "etime": 1727073982810712, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49994, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073991161438, "etime": 1727073991161438, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50002, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074130909947, "etime": 1727074130909947, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50136, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073964108641, "etime": 1727073964108641, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49976, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073831823929, "etime": 1727073831823929, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49848, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073922504086, "etime": 1727073922504086, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49936, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074012076473, "etime": 1727074012076473, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50022, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073900691246, "etime": 1727073900691246, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49915, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073856888251, "etime": 1727073856888251, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49872, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074011028933, "etime": 1727074011028933, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50021, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 
1727074095452084, "etime": 1727074095452084, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50102, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074063169556, "etime": 1727074063169556, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50071, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073913175220, "etime": 1727073913175220, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49927, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073912139715, "etime": 1727073912139715, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49926, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073864154497, "etime": 1727073864154497, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49879, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073980732224, "etime": 1727073980732224, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49992, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074090264769, "etime": 1727074090264769, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50097, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073836042284, "etime": 1727073836042284, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49852, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073893392703, "etime": 1727073893392703, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49908, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073896516879, "etime": 1727073896516879, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49911, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073928784402, "etime": 1727073928784402, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49942, 
"dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073936032726, "etime": 1727073936032726, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49949, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073978669744, "etime": 1727073978669744, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49990, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074117360173, "etime": 1727074117360173, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50123, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074122579989, "etime": 1727074122579989, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50128, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073963076748, "etime": 1727073963076748, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49975, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074026685715, "etime": 1727074026685715, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50036, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073932924042, "etime": 1727073932924042, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49946, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073909004618, "etime": 1727073909004618, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49923, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074084014784, "etime": 1727074084014784, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50091, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074059014172, "etime": 1727074059014172, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50067, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073996389338, "etime": 1727073996389338, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50007, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074129875900, "etime": 1727074129875900, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50135, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074036076261, "etime": 1727074036076261, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50045, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074051717018, "etime": 1727074051717018, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50060, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073849590990, "etime": 1727073849590990, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49865, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074127798426, "etime": 1727074127798426, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50133, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073927736948, "etime": 1727073927736948, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49941, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074005795083, "etime": 1727074005795083, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50016, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074001607257, "etime": 1727074001607257, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50012, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074006841210, "etime": 1727074006841210, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50017, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074032950617, "etime": 1727074032950617, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50042, "dest_port": 4143, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727074088186572, "etime": 1727074088186572, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50095, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074106921252, "etime": 1727074106921252, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50113, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074125688603, "etime": 1727074125688603, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50131, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074141305954, "etime": 1727074141305954, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50146, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074146517511, "etime": 1727074146517511, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50151, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074092343393, "etime": 1727074092343393, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50099, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073839137150, "etime": 1727073839137150, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49855, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074096483736, "etime": 1727074096483736, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50103, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073926705857, "etime": 1727073926705857, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49940, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073942267042, "etime": 1727073942267042, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49955, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073891313340, "etime": 1727073891313340, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "src_port": 49906, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073935001385, "etime": 1727073935001385, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49948, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074100671845, "etime": 1727074100671845, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50107, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074056934789, "etime": 1727074056934789, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50065, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074118408400, "etime": 1727074118408400, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50124, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074139220064, "etime": 1727074139220064, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50144, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073853762758, "etime": 1727073853762758, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49869, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073897563902, "etime": 1727073897563902, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49912, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073944329291, "etime": 1727073944329291, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49957, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074086108129, "etime": 1727074086108129, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50093, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074076733972, "etime": 1727074076733972, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50084, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 
1727073770622878, "etime": 1727073770622878, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49845, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074152960383, "etime": 1727074152960383, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50158, "dest_port": 4143, "protocol": "tls", "result": "Behinder"}, {"stime": 1727073888188068, "etime": 1727073888188068, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49903, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073846450049, "etime": 1727073846450049, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49862, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073879830485, "etime": 1727073879830485, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49895, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073923549491, "etime": 1727073923549491, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49937, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074126750577, "etime": 1727074126750577, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50132, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073895487092, "etime": 1727073895487092, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49910, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073768303403, "etime": 1727073768303403, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49844, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727073950593760, "etime": 1727073950593760, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49963, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073838105154, "etime": 1727073838105154, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49854, 
"dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073948530923, "etime": 1727073948530923, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49961, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073848545190, "etime": 1727073848545190, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49864, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074079873883, "etime": 1727074079873883, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50087, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074103812784, "etime": 1727074103812784, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50110, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073845403276, "etime": 1727073845403276, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49861, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074024592641, "etime": 1727074024592641, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50034, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074040248657, "etime": 1727074040248657, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50049, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073867352478, "etime": 1727073867352478, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49883, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074149659437, "etime": 1727074149659437, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50154, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073929829879, "etime": 1727073929829879, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49943, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074081944463, "etime": 1727074081944463, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50089, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074007887503, "etime": 1727074007887503, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50018, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073832886225, "etime": 1727073832886225, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49849, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073914222632, "etime": 1727073914222632, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49928, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073953717889, "etime": 1727073953717889, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49966, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074017278815, "etime": 1727074017278815, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50027, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074033996970, "etime": 1727074033996970, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50043, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073988033182, "etime": 1727073988033182, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49999, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074049654316, "etime": 1727074049654316, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50058, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074136112871, "etime": 1727074136112871, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50141, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073854795057, "etime": 1727073854795057, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49870, "dest_port": 4143, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727074147564741, "etime": 1727074147564741, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50152, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074060073557, "etime": 1727074060073557, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50068, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073884016196, "etime": 1727073884016196, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49899, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073933970182, "etime": 1727073933970182, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49947, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073899645081, "etime": 1727073899645081, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49914, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073955796356, "etime": 1727073955796356, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49968, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073930861660, "etime": 1727073930861660, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49944, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074029825733, "etime": 1727074029825733, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50039, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074112110394, "etime": 1727074112110394, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50118, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074154003567, "etime": 1727074154003567, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50159, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074031904358, "etime": 1727074031904358, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "src_port": 50041, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073971374042, "etime": 1727073971374042, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49983, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074158159467, "etime": 1727074158159467, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50163, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073957889526, "etime": 1727073957889526, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49970, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074159190418, "etime": 1727074159190418, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50164, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073962030181, "etime": 1727073962030181, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49974, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073972420062, "etime": 1727073972420062, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49984, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074014154870, "etime": 1727074014154870, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50024, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073911096956, "etime": 1727073911096956, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49925, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073915254124, "etime": 1727073915254124, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49929, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073956843082, "etime": 1727073956843082, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49969, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 
1727074054842010, "etime": 1727074054842010, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50063, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073850638510, "etime": 1727073850638510, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49866, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074050685009, "etime": 1727074050685009, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50059, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074053797562, "etime": 1727074053797562, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50062, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074064202177, "etime": 1727074064202177, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50072, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073951640472, "etime": 1727073951640472, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49964, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073954749778, "etime": 1727073954749778, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49967, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074021468002, "etime": 1727074021468002, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50031, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074028779555, "etime": 1727074028779555, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50038, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074087155551, "etime": 1727074087155551, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50094, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073985952789, "etime": 1727073985952789, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49997, 
"dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073984905421, "etime": 1727073984905421, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49996, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073857920247, "etime": 1727073857920247, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49873, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074002655145, "etime": 1727074002655145, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50013, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073920424632, "etime": 1727073920424632, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49934, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074111062724, "etime": 1727074111062724, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50117, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074128844538, "etime": 1727074128844538, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50134, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074013106846, "etime": 1727074013106846, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50023, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073937080310, "etime": 1727073937080310, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49950, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074067326989, "etime": 1727074067326989, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50075, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074124642695, "etime": 1727074124642695, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50130, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073921456213, "etime": 1727073921456213, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49935, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074030857087, "etime": 1727074030857087, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50040, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074115252333, "etime": 1727074115252333, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50121, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073861045872, "etime": 1727073861045872, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49876, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074042327299, "etime": 1727074042327299, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50051, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073976576861, "etime": 1727073976576861, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49988, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074074655003, "etime": 1727074074655003, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50082, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074065251573, "etime": 1727074065251573, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50073, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073990109823, "etime": 1727073990109823, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50001, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074091298850, "etime": 1727074091298850, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50098, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073886109809, "etime": 1727073886109809, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49901, "dest_port": 4143, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727073939142691, "etime": 1727073939142691, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49952, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074093390078, "etime": 1727074093390078, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50100, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074099625573, "etime": 1727074099625573, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50106, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074134016981, "etime": 1727074134016981, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50139, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074138188545, "etime": 1727074138188545, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50143, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073916284636, "etime": 1727073916284636, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49930, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073868389774, "etime": 1727073868389774, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49884, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074160264756, "etime": 1727074160264756, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50166, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074069405221, "etime": 1727074069405221, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50077, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073880891042, "etime": 1727073880891042, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49896, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073958906399, "etime": 1727073958906399, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "src_port": 49971, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073993247695, "etime": 1727073993247695, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50004, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073981764560, "etime": 1727073981764560, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49993, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074072545749, "etime": 1727074072545749, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50080, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074145486253, "etime": 1727074145486253, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50150, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073872561760, "etime": 1727073872561760, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49888, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074137158250, "etime": 1727074137158250, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50142, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073851685280, "etime": 1727073851685280, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49867, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074155050085, "etime": 1727074155050085, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50160, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073890267834, "etime": 1727073890267834, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49905, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073902768650, "etime": 1727073902768650, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49917, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 
1727073947484997, "etime": 1727073947484997, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49960, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074068372745, "etime": 1727074068372745, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50076, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073833933897, "etime": 1727073833933897, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49850, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073967233096, "etime": 1727073967233096, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49979, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073885062850, "etime": 1727073885062850, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49900, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073983858207, "etime": 1727073983858207, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49995, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074140267485, "etime": 1727074140267485, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50145, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727073970342544, "etime": 1727073970342544, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 49982, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727074025638343, "etime": 1727074025638343, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50035, "dest_port": 4143, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:29:22.793] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24652 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022902Z&X-Amz-SignedHeaders=host&X-Amz-Signature=4e0f83da49b23b0bed04d9407d93f3a5220818193aff61485ad09e3b9adc2863"} [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:29:22.793] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:29:22.796] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765362562796, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:29:22.796] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:29:22.796] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_cnn partition:[2] at offset 24653 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022905Z&X-Amz-Signature=a0cc591bd8faa2c6f3463f3285f09059ac837a2505aecbd5e6531f89b123adf5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:29:22.796] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:29:22.796] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:29:22.796] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:29:22.796] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:29:22.796] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:29:22.796] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:29:29.646] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl|result:{"code": 1, "total_count": 96, "abnormal_count": 1, "normal_count": 95, "alert_count": 1, "timestamp": 1765362569644, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727075473823940, "etime": 1727075473823940, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50250, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075516434641, "etime": 1727075516434641, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50294, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075458198570, "etime": 1727075458198570, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "src_port": 50235, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075470699815, "etime": 1727075470699815, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "src_port": 50247, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075477982026, "etime": 1727075477982026, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50254, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075482230597, "etime": 1727075482230597, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50259, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075475903989, "etime": 1727075475903989, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50252, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075506056078, "etime": 1727075506056078, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50284, "dest_port": 4143, "protocol": "tls", "result": "Behinder"}, {"stime": 1727075486404281, "etime": 1727075486404281, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50264, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075538263791, "etime": 1727075538263791, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50315, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075518500909, "etime": 1727075518500909, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50296, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075491684265, "etime": 1727075491684265, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50270, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075507106622, "etime": 1727075507106622, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50285, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075484294445, "etime": 1727075484294445, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50261, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 
1727075510200539, "etime": 1727075510200539, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50288, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075540342469, "etime": 1727075540342469, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50317, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075451948955, "etime": 1727075451948955, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50229, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075492730815, "etime": 1727075492730815, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50271, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075488497021, "etime": 1727075488497021, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50266, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075529935787, "etime": 1727075529935787, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50307, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075504762914, "etime": 1727075504762914, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50282, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075465501079, "etime": 1727075465501079, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50242, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075464449080, "etime": 1727075464449080, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50241, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075481185468, "etime": 1727075481185468, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50258, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075539294578, "etime": 1727075539294578, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50316, 
"dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075452979619, "etime": 1727075452979619, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50230, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075487451614, "etime": 1727075487451614, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50265, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075505795549, "etime": 1727075505795549, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50283, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075459246345, "etime": 1727075459246345, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50236, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075461339706, "etime": 1727075461339706, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50238, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075527857855, "etime": 1727075527857855, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50305, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075467590260, "etime": 1727075467590260, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50244, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075455058964, "etime": 1727075455058964, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50232, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075466543022, "etime": 1727075466543022, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50243, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075513325576, "etime": 1727075513325576, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50291, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075511231630, "etime": 1727075511231630, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50289, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075468621764, "etime": 1727075468621764, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50245, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075526811266, "etime": 1727075526811266, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50304, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075485372059, "etime": 1727075485372059, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50263, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075450902118, "etime": 1727075450902118, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50228, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075501653628, "etime": 1727075501653628, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50279, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075515388732, "etime": 1727075515388732, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50293, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075519544747, "etime": 1727075519544747, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50297, "dest_port": 4143, "protocol": "tls", "result": "Normal"}, {"stime": 1727075500621860, "etime": 1727075500621860, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50278, "dest_port": 4143, "protocol": "tls", "result": "Normal"}]}
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka.
[2025-12-10 10:29:29.646] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24654 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1ea4ee4b3c0a8437a5f09865c975405183ba6b2e14176e049e3c9d31c914ab17&X-Amz-Date=20251210T022908Z"}
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load
[2025-12-10 10:29:29.646] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0
[2025-12-10 10:29:36.808] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl|result:{"code": 1, "total_count": 100, "abnormal_count": 6, "normal_count": 94, "alert_count": 6, "timestamp": 1765362576805, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727337844471174, "etime": 1727337844471174, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52141, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337841314924, "etime": 1727337841314924, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52137, "dest_port": 8990,
"protocol": "tls", "result": "Normal"}, {"stime": 1727337839283791, "etime": 1727337839283791, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52135, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337906783477, "etime": 1727337906783477, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52207, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337817736783, "etime": 1727337817736783, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52113, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337887189709, "etime": 1727337887189709, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52184, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337890273444, "etime": 1727337890273444, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52188, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337855643250, "etime": 1727337855643250, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52152, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337829111554, "etime": 1727337829111554, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52125, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337840299331, "etime": 1727337840299331, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52136, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337860721181, "etime": 1727337860721181, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52157, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337826017601, "etime": 1727337826017601, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52122, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337833189504, "etime": 1727337833189504, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52129, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337868846569, "etime": 1727337868846569, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52165, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337871893034, "etime": 1727337871893034, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52168, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337879002306, "etime": 1727337879002306, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52175, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337888205116, "etime": 1727337888205116, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52185, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337898519534, "etime": 1727337898519534, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52197, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337905767851, "etime": 1727337905767851, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52206, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337877987046, "etime": 1727337877987046, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52174, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337880017773, "etime": 1727337880017773, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52176, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337900658331, "etime": 1727337900658331, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52200, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337854627318, "etime": 1727337854627318, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52151, "dest_port": 8990, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727337756706083, "etime": 1727337756706083, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52111, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337832174112, "etime": 1727337832174112, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52128, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337859705322, "etime": 1727337859705322, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52156, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337881034347, "etime": 1727337881034347, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52177, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337885158879, "etime": 1727337885158879, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52182, "dest_port": 8990, "protocol": "tls", "result": "Antsword"}, {"stime": 1727337821939363, "etime": 1727337821939363, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52118, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337822956952, "etime": 1727337822956952, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52119, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337849549514, "etime": 1727337849549514, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52146, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337891284030, "etime": 1727337891284030, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52189, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337882049207, "etime": 1727337882049207, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52178, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337819892986, "etime": 1727337819892986, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52116, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337851580624, "etime": 1727337851580624, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52148, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337845486386, "etime": 1727337845486386, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52142, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337848533124, "etime": 1727337848533124, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52145, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337847518357, "etime": 1727337847518357, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52144, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337835221547, "etime": 1727337835221547, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52131, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337828080068, "etime": 1727337828080068, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52124, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337862752201, "etime": 1727337862752201, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52159, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337873923996, "etime": 1727337873923996, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52170, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337837252511, "etime": 1727337837252511, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52133, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337874939385, "etime": 1727337874939385, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52171, "dest_port": 8990, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727337893330760, "etime": 1727337893330760, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52191, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337899643243, "etime": 1727337899643243, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52199, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337863768198, "etime": 1727337863768198, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52160, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337897487283, "etime": 1727337897487283, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52196, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337866814680, "etime": 1727337866814680, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52163, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337892314828, "etime": 1727337892314828, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52190, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337901673936, "etime": 1727337901673936, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52201, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337823970963, "etime": 1727337823970963, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52120, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337890236617, "etime": 1727337890236617, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52187, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337895455394, "etime": 1727337895455394, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52194, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337886173957, "etime": 1727337886173957, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52183, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337870877600, "etime": 1727337870877600, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52167, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337883064559, "etime": 1727337883064559, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52179, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337884096086, "etime": 1727337884096086, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52180, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337907799858, "etime": 1727337907799858, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52208, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337907807576, "etime": 1727337907807576, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52209, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337820924114, "etime": 1727337820924114, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52117, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337834205260, "etime": 1727337834205260, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52130, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337894348567, "etime": 1727337894348567, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52192, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337896473145, "etime": 1727337896473145, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52195, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337818886988, "etime": 1727337818886988, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52115, "dest_port": 8990, 
"protocol": "tls", "result": "Antsword"}, {"stime": 1727337857673805, "etime": 1727337857673805, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52154, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337842440759, "etime": 1727337842440759, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52139, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337894436913, "etime": 1727337894436913, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52193, "dest_port": 8990, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727337756652779, "etime": 1727337756652779, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52110, "dest_port": 8990, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727337825003947, "etime": 1727337825003947, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52121, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337816721041, "etime": 1727337816721041, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52112, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337867830668, "etime": 1727337867830668, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52164, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337843455105, "etime": 1727337843455105, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52140, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337861736598, "etime": 1727337861736598, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52158, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337875955662, "etime": 1727337875955662, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52172, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337889220933, "etime": 
1727337889220933, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52186, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337903736684, "etime": 1727337903736684, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52204, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337864783515, "etime": 1727337864783515, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52161, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337901710779, "etime": 1727337901710779, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52202, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337841423657, "etime": 1727337841423657, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52138, "dest_port": 8990, "protocol": "tls", "result": "Antsword"}, {"stime": 1727337836236734, "etime": 1727337836236734, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52132, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337904751986, "etime": 1727337904751986, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52205, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337856658972, "etime": 1727337856658972, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52153, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337818753721, "etime": 1727337818753721, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52114, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337869861311, "etime": 1727337869861311, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52166, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337827058993, "etime": 1727337827058993, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52123, 
"dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337830142634, "etime": 1727337830142634, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52126, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337872908324, "etime": 1727337872908324, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52169, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337898633855, "etime": 1727337898633855, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52198, "dest_port": 8990, "protocol": "tls", "result": "Antsword"}, {"stime": 1727337902721118, "etime": 1727337902721118, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52203, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337850565584, "etime": 1727337850565584, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52147, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337865799401, "etime": 1727337865799401, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52162, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337885111746, "etime": 1727337885111746, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52181, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337858689320, "etime": 1727337858689320, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52155, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337846502236, "etime": 1727337846502236, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52143, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337853611599, "etime": 1727337853611599, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52150, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337876971116, "etime": 
1727337876971116, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52173, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337831158091, "etime": 1727337831158091, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52127, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337852596132, "etime": 1727337852596132, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52149, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727337838268233, "etime": 1727337838268233, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52134, "dest_port": 8990, "protocol": "tls", "result": "Normal"}]}
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka.
[2025-12-10 10:29:36.808] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25065 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022912Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4fce811a3c625d843fedda11492599dbc414e9e11ea515c2d88555b17488cb8d"}
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load
[2025-12-10 10:29:36.808] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0
[2025-12-10 10:29:43.343] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl|result:{"code": 1, "total_count": 92, "abnormal_count": 15, "normal_count": 77, "alert_count": 15, "timestamp": 1765362583341, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727398485940259, "etime": 1727398485940259, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49893, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398449473223, "etime": 1727398449473223, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49855, "dest_port": 443, "protocol":
"tls", "result": "Behinder"}, {"stime": 1727398452518263, "etime": 1727398452518263, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398470033804, "etime": 1727398470033804, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398446393687, "etime": 1727398446393687, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49851, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398474692524, "etime": 1727398474692524, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398481878087, "etime": 1727398481878087, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49889, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398465972335, "etime": 1727398465972335, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49874, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398444362645, "etime": 1727398444362645, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398496128996, "etime": 1727398496128996, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49904, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398422158803, "etime": 1727398422158803, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49827, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398501253934, "etime": 1727398501253934, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49911, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398439293802, "etime": 1727398439293802, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49844, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727398494065800, "etime": 1727398494065800, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398461862323, "etime": 1727398461862323, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49869, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398454601908, "etime": 1727398454601908, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398463894092, "etime": 1727398463894092, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398468002686, "etime": 1727398468002686, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49876, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398476736938, "etime": 1727398476736938, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727398425205691, "etime": 1727398425205691, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727398480862146, "etime": 1727398480862146, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398493050087, "etime": 1727398493050087, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49900, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398502268493, "etime": 1727398502268493, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49912, "dest_port": 443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727398448426143, "etime": 1727398448426143, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49853, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398436206351, "etime": 1727398436206351, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49840, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398423174606, "etime": 1727398423174606, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49828, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398443346644, "etime": 1727398443346644, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49848, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398476794739, "etime": 1727398476794739, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49884, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727398475721385, "etime": 1727398475721385, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398486956494, "etime": 1727398486956494, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49894, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398473674235, "etime": 1727398473674235, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398494104157, "etime": 1727398494104157, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49902, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398358034277, "etime": 1727398358034277, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49821, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727398499221673, "etime": 1727398499221673, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49909, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398464960922, "etime": 1727398464960922, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398419111520, "etime": 1727398419111520, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49824, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398358076545, "etime": 1727398358076545, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49822, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398498158668, "etime": 1727398498158668, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49906, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727398432035037, "etime": 1727398432035037, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49835, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398462878120, "etime": 1727398462878120, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398483908452, "etime": 1727398483908452, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49891, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398445378499, "etime": 1727398445378499, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49850, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398418096585, "etime": 1727398418096585, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49823, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727398472661561, "etime": 1727398472661561, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49879, "dest_port": 443, "protocol": "tls", 
"result": "Behinder"}, {"stime": 1727398449441608, "etime": 1727398449441608, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398484924364, "etime": 1727398484924364, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398491019080, "etime": 1727398491019080, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49898, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398457659296, "etime": 1727398457659296, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49864, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398455628110, "etime": 1727398455628110, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49862, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398482893243, "etime": 1727398482893243, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49890, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398427981151, "etime": 1727398427981151, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49831, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727398460842162, "etime": 1727398460842162, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49868, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727398433165235, "etime": 1727398433165235, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49837, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727398487972010, "etime": 1727398487972010, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49895, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398488987171, "etime": 1727398488987171, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49896, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398442332280, "etime": 1727398442332280, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49847, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398438238192, "etime": 1727398438238192, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398447410265, "etime": 1727398447410265, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49852, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398421143529, "etime": 1727398421143529, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49826, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398459690290, "etime": 1727398459690290, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49866, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398497143015, "etime": 1727398497143015, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49905, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398424190567, "etime": 1727398424190567, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49829, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398460719514, "etime": 1727398460719514, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398420128304, "etime": 1727398420128304, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49825, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398428989463, "etime": 1727398428989463, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49832, "dest_port": 443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727398466987064, "etime": 1727398466987064, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49875, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398453581271, "etime": 1727398453581271, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398498203253, "etime": 1727398498203253, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49907, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727398495112474, "etime": 1727398495112474, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49903, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398451502421, "etime": 1727398451502421, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398440299611, "etime": 1727398440299611, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398433049518, "etime": 1727398433049518, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49836, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727398464908442, "etime": 1727398464908442, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398458676962, "etime": 1727398458676962, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398500237370, "etime": 1727398500237370, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49910, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398435190689, "etime": 1727398435190689, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398478830800, "etime": 1727398478830800, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49886, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398437223311, "etime": 1727398437223311, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398492033730, "etime": 1727398492033730, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398450487031, "etime": 1727398450487031, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398439253415, "etime": 1727398439253415, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49843, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398477814969, "etime": 1727398477814969, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49885, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398430002739, "etime": 1727398430002739, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49833, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398490003133, "etime": 1727398490003133, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398452562041, "etime": 1727398452562041, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49859, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727398434174753, "etime": 1727398434174753, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49838, "dest_port": 443, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727398431018713, "etime": 1727398431018713, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49834, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398502279382, "etime": 1727398502279382, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49913, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398469018843, "etime": 1727398469018843, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49877, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398479847920, "etime": 1727398479847920, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49887, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398456644084, "etime": 1727398456644084, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49863, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727398441315782, "etime": 1727398441315782, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 15|max_alert: 1000 [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:29:43.343] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24655 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022915Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=78e639fc91cd6a10c4e84652a30b9be7279bb1bde921890e7409ad33f39e7470"} [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:29:43.343] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:29:43.344] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:29:56.442] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl|result:{"code": 1, "total_count": 184, "abnormal_count": 4, "normal_count": 180, "alert_count": 4, "timestamp": 1765362596439, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727228336150048, "etime": 1727228336150048, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49171, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228368103232, "etime": 1727228368103232, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49283, "dest_port": 51129, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727228335353818, "etime": 1727228335353818, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49168, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228336664968, "etime": 1727228336664968, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49173, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228361718571, "etime": 1727228361718571, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49259, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228334044596, "etime": 1727228334044596, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49163, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228345150791, "etime": 1727228345150791, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49205, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228345930668, "etime": 1727228345930668, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49208, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228348053195, "etime": 1727228348053195, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49216, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228370507253, "etime": 1727228370507253, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49292, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228355837000, "etime": 1727228355837000, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49245, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228383542297, "etime": 1727228383542297, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49341, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228343856020, 
"etime": 1727228343856020, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49200, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228348271033, "etime": 1727228348271033, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49217, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228376732938, "etime": 1727228376732938, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49315, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228347746667, "etime": 1727228347746667, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49215, "dest_port": 51129, "protocol": "tls", "result": "Behinder"}, {"stime": 1727228345691604, "etime": 1727228345691604, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49207, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228348551688, "etime": 1727228348551688, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49218, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228356398525, "etime": 1727228356398525, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49247, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228355260490, "etime": 1727228355260490, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49243, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228337663125, "etime": 1727228337663125, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49177, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228363059879, "etime": 1727228363059879, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49264, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228342897145, "etime": 1727228342897145, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49196, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228371092176, "etime": 1727228371092176, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49294, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228368317780, "etime": 1727228368317780, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49284, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228372479896, "etime": 1727228372479896, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49299, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228346945087, "etime": 1727228346945087, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49212, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228373049477, "etime": 1727228373049477, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49301, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228360626331, "etime": 1727228360626331, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49255, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228349082630, "etime": 1727228349082630, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49220, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228364980110, "etime": 1727228364980110, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49271, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228375114604, "etime": 1727228375114604, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49309, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228343139302, "etime": 1727228343139302, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49197, "dest_port": 51129, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727228376190320, "etime": 1727228376190320, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49313, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228379049739, "etime": 1727228379049739, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49324, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228353559245, "etime": 1727228353559245, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49237, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228381202479, "etime": 1727228381202479, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49332, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228369970663, "etime": 1727228369970663, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49290, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228380391741, "etime": 1727228380391741, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49329, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228352779716, "etime": 1727228352779716, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49234, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228371646592, "etime": 1727228371646592, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49296, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228372773284, "etime": 1727228372773284, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49300, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228375636055, "etime": 1727228375636055, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49311, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228353091241, "etime": 
1727228353091241, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49235, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228367088633, "etime": 1727228367088633, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49279, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228381982756, "etime": 1727228381982756, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49335, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228377538177, "etime": 1727228377538177, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49318, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228343622427, "etime": 1727228343622427, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49199, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228340424653, "etime": 1727228340424653, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49187, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228380672237, "etime": 1727228380672237, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49330, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228340938701, "etime": 1727228340938701, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49189, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228340142970, "etime": 1727228340142970, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49186, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228377011494, "etime": 1727228377011494, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49316, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228335884396, "etime": 1727228335884396, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49170, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228337897332, "etime": 1727228337897332, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49178, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228350346222, "etime": 1727228350346222, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49225, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228273791286, "etime": 1727228273791286, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49162, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228342266820, "etime": 1727228342266820, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49194, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228341797077, "etime": 1727228341797077, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49192, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228359191609, "etime": 1727228359191609, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49249, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228358959122, "etime": 1727228358959122, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49248, "dest_port": 51129, "protocol": "tls", "result": "Behinder"}, {"stime": 1727228344621070, "etime": 1727228344621070, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49203, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228368641417, "etime": 1727228368641417, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49285, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228369215196, "etime": 1727228369215196, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49287, "dest_port": 51129, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727228347491356, "etime": 1727228347491356, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49214, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228369707753, "etime": 1727228369707753, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49289, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228370815934, "etime": 1727228370815934, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49293, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228374836041, "etime": 1727228374836041, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49308, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228336898017, "etime": 1727228336898017, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49174, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228375867547, "etime": 1727228375867547, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49312, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228382279256, "etime": 1727228382279256, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49336, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228338677021, "etime": 1727228338677021, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49181, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228368920004, "etime": 1727228368920004, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49286, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228362545466, "etime": 1727228362545466, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49262, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228361234274, 
"etime": 1727228361234274, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49257, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228351141340, "etime": 1727228351141340, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49228, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228378535026, "etime": 1727228378535026, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49322, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228369430192, "etime": 1727228369430192, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49288, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228378296422, "etime": 1727228378296422, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49321, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228379845666, "etime": 1727228379845666, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49327, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228378769312, "etime": 1727228378769312, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49323, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228350907601, "etime": 1727228350907601, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49227, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228350064585, "etime": 1727228350064585, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49224, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228365704107, "etime": 1727228365704107, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49274, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228371384150, "etime": 1727228371384150, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49295, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228362295628, "etime": 1727228362295628, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49261, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228382512819, "etime": 1727228382512819, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49337, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228338926801, "etime": 1727228338926801, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49182, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228360158336, "etime": 1727228360158336, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49253, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228366782327, "etime": 1727228366782327, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49278, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228335604283, "etime": 1727228335604283, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49169, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228346695402, "etime": 1727228346695402, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49211, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228334886361, "etime": 1727228334886361, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49166, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228364407939, "etime": 1727228364407939, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49269, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228363915331, "etime": 1727228363915331, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49267, "dest_port": 51129, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727228350632802, "etime": 1727228350632802, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49226, "dest_port": 51129, "protocol": "tls", "result": "Behinder"}, {"stime": 1727228371907738, "etime": 1727228371907738, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49297, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228362826024, "etime": 1727228362826024, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49263, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228346211338, "etime": 1727228346211338, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49209, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228346429981, "etime": 1727228346429981, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49210, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228354432762, "etime": 1727228354432762, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49240, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228375374975, "etime": 1727228375374975, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49310, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228380094941, "etime": 1727228380094941, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49328, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228383823889, "etime": 1727228383823889, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49342, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228353840290, "etime": 1727228353840290, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49238, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228356101916, "etime": 
1727228356101916, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49246, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228341250575, "etime": 1727228341250575, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49190, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228344340363, "etime": 1727228344340363, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49202, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228353340946, "etime": 1727228353340946, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49236, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228355555892, "etime": 1727228355555892, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49244, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228374527429, "etime": 1727228374527429, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49307, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228377770967, "etime": 1727228377770967, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49319, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228366489399, "etime": 1727228366489399, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49277, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228344074466, "etime": 1727228344074466, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49201, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228352093153, "etime": 1727228352093153, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49231, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228359424722, "etime": 1727228359424722, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49250, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228380921813, "etime": 1727228380921813, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49331, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228381452104, "etime": 1727228381452104, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49333, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228382747182, "etime": 1727228382747182, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49338, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228352311015, "etime": 1727228352311015, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49232, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228348801927, "etime": 1727228348801927, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49219, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228372217116, "etime": 1727228372217116, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49298, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228379596288, "etime": 1727228379596288, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49326, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228344854861, "etime": 1727228344854861, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49204, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228334371239, "etime": 1727228334371239, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49164, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228364161349, "etime": 1727228364161349, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49268, "dest_port": 51129, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727228354728974, "etime": 1727228354728974, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49241, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228361453443, "etime": 1727228361453443, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49258, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228366226935, "etime": 1727228366226935, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49276, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228374280350, "etime": 1727228374280350, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49306, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228367841207, "etime": 1727228367841207, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49282, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228338396306, "etime": 1727228338396306, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49180, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228381717115, "etime": 1727228381717115, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49334, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228370261846, "etime": 1727228370261846, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49291, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228334667490, "etime": 1727228334667490, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49165, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228351796311, "etime": 1727228351796311, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49230, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228359690181, "etime": 
1727228359690181, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49251, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228338146227, "etime": 1727228338146227, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49179, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228352545491, "etime": 1727228352545491, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49233, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228364671115, "etime": 1727228364671115, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49270, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228377305601, "etime": 1727228377305601, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49317, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228351421820, "etime": 1727228351421820, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49229, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228379331990, "etime": 1727228379331990, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49325, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228336399349, "etime": 1727228336399349, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49172, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228359924705, "etime": 1727228359924705, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49252, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228373819470, "etime": 1727228373819470, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49304, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228378048157, "etime": 1727228378048157, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49320, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228349815676, "etime": 1727228349815676, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49223, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228341531774, "etime": 1727228341531774, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49191, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228339535628, "etime": 1727228339535628, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49184, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228340673637, "etime": 1727228340673637, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49188, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228337164004, "etime": 1727228337164004, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49175, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228349331864, "etime": 1727228349331864, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49221, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228365980500, "etime": 1727228365980500, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49275, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228342030775, "etime": 1727228342030775, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49193, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228347242283, "etime": 1727228347242283, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49213, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228273267937, "etime": 1727228273267937, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49161, "dest_port": 51129, "protocol": 
"tls", "result": "CobaltStrike"}, {"stime": 1727228367319163, "etime": 1727228367319163, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49280, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228367564972, "etime": 1727228367564972, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49281, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228365472584, "etime": 1727228365472584, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49273, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228373572828, "etime": 1727228373572828, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49303, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228345419563, "etime": 1727228345419563, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49206, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228354105108, "etime": 1727228354105108, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49239, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228361998599, "etime": 1727228361998599, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49260, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228376453266, "etime": 1727228376453266, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49314, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228383324402, "etime": 1727228383324402, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49340, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228339207953, "etime": 1727228339207953, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49183, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228363324896, 
"etime": 1727228363324896, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49265, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228383059110, "etime": 1727228383059110, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49339, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228363621705, "etime": 1727228363621705, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49266, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228384057715, "etime": 1727228384057715, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49343, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228337382030, "etime": 1727228337382030, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49176, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228339831525, "etime": 1727228339831525, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49185, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228365225356, "etime": 1727228365225356, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49272, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228373310114, "etime": 1727228373310114, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49302, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228374049553, "etime": 1727228374049553, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49305, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228342545875, "etime": 1727228342545875, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49195, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228354979232, "etime": 1727228354979232, "src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "src_port": 49242, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228343387909, "etime": 1727228343387909, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49198, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228349581830, "etime": 1727228349581830, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49222, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228360938052, "etime": 1727228360938052, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49256, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228384276013, "etime": 1727228384276013, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49344, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228360376726, "etime": 1727228360376726, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49254, "dest_port": 51129, "protocol": "tls", "result": "Normal"}, {"stime": 1727228335119982, "etime": 1727228335119982, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49167, "dest_port": 51129, "protocol": "tls", "result": "Normal"}]}
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka.
[2025-12-10 10:29:56.442] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24656 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022918Z&X-Amz-Signature=52007e640ed220fb0ce74e55c18ada16b08630d7f586b9ae2c4de3badb56792c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load
[2025-12-10 10:29:56.442] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0
[2025-12-10 10:30:02.262] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl|result:{"code": 1, "total_count": 84, "abnormal_count": 16, "normal_count": 68, "alert_count": 16, "timestamp": 1765362602260, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727339590583885, "etime": 1727339590583885, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53976, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339599755508, "etime": 1727339599755508, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53986, "dest_port": 443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727339548458992, "etime": 1727339548458992, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339565974380, "etime": 1727339565974380, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53949, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339552569661, "etime": 1727339552569661, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53934, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339564958509, "etime": 1727339564958509, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53948, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339572132048, "etime": 1727339572132048, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53956, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339553599801, "etime": 1727339553599801, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339568006036, "etime": 1727339568006036, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53951, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339602802454, "etime": 1727339602802454, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53989, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339563818316, "etime": 1727339563818316, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53946, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339607990003, "etime": 1727339607990003, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339596709309, "etime": 1727339596709309, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53983, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339556663070, "etime": 1727339556663070, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53938, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339594646147, "etime": 1727339594646147, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339585503361, "etime": 1727339585503361, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53971, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727339592614849, "etime": 1727339592614849, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53978, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339614740590, "etime": 1727339614740590, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54001, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339613724715, "etime": 1727339613724715, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54000, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339616771081, "etime": 1727339616771081, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339576225965, "etime": 1727339576225965, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53960, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339562801998, "etime": 1727339562801998, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53945, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339603927705, "etime": 1727339603927705, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53991, "dest_port": 443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727339615755621, "etime": 1727339615755621, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54002, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339571084569, "etime": 1727339571084569, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53955, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339548488803, "etime": 1727339548488803, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339586521624, "etime": 1727339586521624, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53972, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339541614892, "etime": 1727339541614892, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53924, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339595693031, "etime": 1727339595693031, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53982, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339589568425, "etime": 1727339589568425, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339609006381, "etime": 1727339609006381, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53996, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339555630396, "etime": 1727339555630396, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53937, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339593631017, "etime": 1727339593631017, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53979, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339601787081, "etime": 1727339601787081, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.132", "src_port": 53988, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339480539565, "etime": 1727339480539565, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53921, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727339549505491, "etime": 1727339549505491, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53931, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339557709548, "etime": 1727339557709548, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53940, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339611643124, "etime": 1727339611643124, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53997, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727339545415458, "etime": 1727339545415458, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53926, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727339573146432, "etime": 1727339573146432, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53957, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339480582231, "etime": 1727339480582231, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339554616360, "etime": 1727339554616360, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53936, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339612710828, "etime": 1727339612710828, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53999, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339550523294, "etime": 1727339550523294, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53932, "dest_port": 443, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727339561786498, "etime": 1727339561786498, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339542630182, "etime": 1727339542630182, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53925, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339559755608, "etime": 1727339559755608, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53942, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339540599740, "etime": 1727339540599740, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53923, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339546428604, "etime": 1727339546428604, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339558739889, "etime": 1727339558739889, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53941, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339579333889, "etime": 1727339579333889, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53964, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339606974159, "etime": 1727339606974159, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53994, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339578275539, "etime": 1727339578275539, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53962, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339574178882, "etime": 1727339574178882, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53958, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339578323566, "etime": 1727339578323566, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 53963, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339600771683, "etime": 1727339600771683, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53987, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339551537157, "etime": 1727339551537157, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339570036531, "etime": 1727339570036531, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53953, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339547443438, "etime": 1727339547443438, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339556697863, "etime": 1727339556697863, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339566989979, "etime": 1727339566989979, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53950, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339581380422, "etime": 1727339581380422, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53966, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339605958869, "etime": 1727339605958869, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53993, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339570077573, "etime": 1727339570077573, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53954, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339575193624, "etime": 1727339575193624, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53959, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727339587536766, "etime": 1727339587536766, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53973, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339594678261, "etime": 1727339594678261, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53981, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339563943521, "etime": 1727339563943521, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727339560770894, "etime": 1727339560770894, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53943, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339588552387, "etime": 1727339588552387, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53974, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339598740116, "etime": 1727339598740116, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53985, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339602917098, "etime": 1727339602917098, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53990, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727339591599475, "etime": 1727339591599475, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339585459205, "etime": 1727339585459205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339584444851, "etime": 1727339584444851, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53969, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339604942825, "etime": 1727339604942825, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"src_port": 53992, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339582412204, "etime": 1727339582412204, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53967, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339569021234, "etime": 1727339569021234, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53952, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339583427557, "etime": 1727339583427557, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53968, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339577240217, "etime": 1727339577240217, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53961, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339580351079, "etime": 1727339580351079, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53965, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339616777854, "etime": 1727339616777854, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54004, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727339597724267, "etime": 1727339597724267, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53984, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727339612661512, "etime": 1727339612661512, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53998, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}]}
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 16|max_alert: 1000
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka.
[2025-12-10 10:30:02.262] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26312 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022921Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d7b4a25fb3619e3a30df42547bbc0b2522442906cb2741591631167b6125224e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"}
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load
[2025-12-10 10:30:02.262] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load
[2025-12-10 10:30:02.263] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0
[2025-12-10 10:30:04.502] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl|result:{"code": 0, "total_count": 31, "abnormal_count": 0, "normal_count": 31, "alert_count": 0, "timestamp": 1765362604501, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726055050129010, "etime": 1726055050129010, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53105, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055047103992, "etime": 1726055047103992, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53104, "dest_port": 8889, "protocol": "tls", "result": 
"Normal"}, {"stime": 1726055022932604, "etime": 1726055022932604, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53094, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055025955536, "etime": 1726055025955536, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53096, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726054988219951, "etime": 1726054988219951, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53076, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055009526045, "etime": 1726055009526045, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53087, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055003497680, "etime": 1726055003497680, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53085, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055038062091, "etime": 1726055038062091, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53101, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726054982195136, "etime": 1726054982195136, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53074, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055012550321, "etime": 1726055012550321, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53088, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055022276517, "etime": 1726055022276517, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53093, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055016235989, "etime": 1726055016235989, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53090, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055044093183, "etime": 1726055044093183, "src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "src_port": 53103, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055053147729, "etime": 1726055053147729, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53106, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726054997455462, "etime": 1726054997455462, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53083, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055000480483, "etime": 1726055000480483, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53084, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055006512530, "etime": 1726055006512530, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53086, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726054991420662, "etime": 1726054991420662, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53078, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055028979110, "etime": 1726055028979110, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53097, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055028989947, "etime": 1726055028989947, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53098, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055025945840, "etime": 1726055025945840, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53095, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726054994441442, "etime": 1726054994441442, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53082, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726054985203066, "etime": 1726054985203066, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53075, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 
1726054979179812, "etime": 1726054979179812, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53073, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055015566953, "etime": 1726055015566953, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53089, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055041072112, "etime": 1726055041072112, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53102, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055019251056, "etime": 1726055019251056, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53091, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055035045670, "etime": 1726055035045670, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53100, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055032013003, "etime": 1726055032013003, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53099, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726054991234577, "etime": 1726054991234577, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53077, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726055019264142, "etime": 1726055019264142, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 53092, "dest_port": 8889, "protocol": "tls", "result": "Normal"}]}
[2025-12-10 10:30:04.502] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000
[2025-12-10 10:30:04.502] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26313 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022924Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ac3f197eef682a9aa24c85df41b4749481f3e493b822d71ece26fffc05bbe479&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-10 10:30:04.502] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0
[2025-12-10 10:30:04.502] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib
[2025-12-10 10:30:04.503] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn
[2025-12-10 10:30:04.503] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load
[2025-12-10 10:30:04.503] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load
[2025-12-10 10:30:04.503] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0
[2025-12-10 10:30:26.965] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl|result:{"code": 0, "total_count": 324, "abnormal_count": 0, "normal_count": 324, "alert_count": 0, "timestamp": 1765362626960, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727228504770037, "etime": 1727228504770037, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49714, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228506501562, "etime": 1727228506501562, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49742, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490652127, "etime": 1727228490652127, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49522, 
"dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228496720827, "etime": 1727228496720827, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49618, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228486300128, "etime": 1727228486300128, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49458, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228506829434, "etime": 1727228506829434, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49748, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228495051561, "etime": 1727228495051561, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49590, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492961110, "etime": 1727228492961110, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49557, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228488405926, "etime": 1727228488405926, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49490, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228486970670, "etime": 1727228486970670, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49466, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228493288564, "etime": 1727228493288564, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49562, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228494708759, "etime": 1727228494708759, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49584, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228503900836, "etime": 1727228503900836, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49701, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 
1727228499107198, "etime": 1727228499107198, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49653, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228500698426, "etime": 1727228500698426, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49680, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228491853291, "etime": 1727228491853291, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49539, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490355757, "etime": 1727228490355757, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49518, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492914104, "etime": 1727228492914104, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49556, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228501650165, "etime": 1727228501650165, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49696, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228501072835, "etime": 1727228501072835, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49687, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228497407036, "etime": 1727228497407036, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49629, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228505909501, "etime": 1727228505909501, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49731, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228499965561, "etime": 1727228499965561, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49669, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228506626718, "etime": 1727228506626718, "src_ip": 
"192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49744, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228505269199, "etime": 1727228505269199, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49721, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228498670346, "etime": 1727228498670346, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49647, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228499435317, "etime": 1727228499435317, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49661, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228489107772, "etime": 1727228489107772, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49499, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228504598937, "etime": 1727228504598937, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49712, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228486798717, "etime": 1727228486798717, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49464, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228507593948, "etime": 1727228507593948, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49761, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228493023566, "etime": 1727228493023566, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49558, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228507765208, "etime": 1727228507765208, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49764, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228499185473, "etime": 1727228499185473, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49656, 
"dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228506736039, "etime": 1727228506736039, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49745, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228496081560, "etime": 1727228496081560, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49607, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490776954, "etime": 1727228490776954, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49524, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228494390478, "etime": 1727228494390478, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49579, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228498951494, "etime": 1727228498951494, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49650, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228491728586, "etime": 1727228491728586, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49537, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228487251405, "etime": 1727228487251405, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49471, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228491541511, "etime": 1727228491541511, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49535, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228489810690, "etime": 1727228489810690, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49509, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228494084585, "etime": 1727228494084585, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49575, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 
1727228496392841, "etime": 1727228496392841, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49613, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490012791, "etime": 1727228490012791, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49512, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228496891886, "etime": 1727228496891886, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49621, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228500059001, "etime": 1727228500059001, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49671, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228507344300, "etime": 1727228507344300, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49756, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228507422600, "etime": 1727228507422600, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49758, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228506766586, "etime": 1727228506766586, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49746, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228501181943, "etime": 1727228501181943, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49688, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228504520677, "etime": 1727228504520677, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49710, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228495987417, "etime": 1727228495987417, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49605, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490527072, "etime": 1727228490527072, "src_ip": 
"192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49520, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228489732240, "etime": 1727228489732240, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49508, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228505347371, "etime": 1727228505347371, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49722, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228507156915, "etime": 1727228507156915, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49754, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228499122818, "etime": 1727228499122818, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49654, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228503975094, "etime": 1727228503975094, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49703, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228497469376, "etime": 1727228497469376, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49630, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228491057672, "etime": 1727228491057672, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49528, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492820286, "etime": 1727228492820286, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49555, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228495565907, "etime": 1727228495565907, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49599, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228493678621, "etime": 1727228493678621, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49569, 
"dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228494957661, "etime": 1727228494957661, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49587, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228499247360, "etime": 1727228499247360, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49658, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228500308495, "etime": 1727228500308495, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49675, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492430766, "etime": 1727228492430766, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49548, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228494583271, "etime": 1727228494583271, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49582, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228486565327, "etime": 1727228486565327, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49461, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228489513533, "etime": 1727228489513533, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49506, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228497828194, "etime": 1727228497828194, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49635, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228498171653, "etime": 1727228498171653, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49641, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228500012352, "etime": 1727228500012352, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49670, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 
1727228505581294, "etime": 1727228505581294, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49726, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228497625293, "etime": 1727228497625293, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49632, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228495207361, "etime": 1727228495207361, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49594, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228489232556, "etime": 1727228489232556, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49502, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228493304322, "etime": 1727228493304322, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49563, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228505628087, "etime": 1727228505628087, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49727, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228495784329, "etime": 1727228495784329, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49603, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492150016, "etime": 1727228492150016, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49545, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228488921267, "etime": 1727228488921267, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49496, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228508124246, "etime": 1727228508124246, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49769, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228489014000, "etime": 1727228489014000, "src_ip": 
"192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49497, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490860131, "etime": 1727228490860131, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49525, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490277910, "etime": 1727228490277910, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49517, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228488343312, "etime": 1727228488343312, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49489, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228493741233, "etime": 1727228493741233, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49570, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228506002990, "etime": 1727228506002990, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49732, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492321637, "etime": 1727228492321637, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49547, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228489029956, "etime": 1727228489029956, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49498, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492633629, "etime": 1727228492633629, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49552, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228496642790, "etime": 1727228496642790, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49617, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228495659902, "etime": 1727228495659902, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49600, 
"dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228508763961, "etime": 1727228508763961, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49778, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228490231046, "etime": 1727228490231046, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49516, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228498265182, "etime": 1727228498265182, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49642, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492742444, "etime": 1727228492742444, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49554, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228507453408, "etime": 1727228507453408, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49759, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228491635372, "etime": 1727228491635372, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49536, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228492118480, "etime": 1727228492118480, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49544, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228486487192, "etime": 1727228486487192, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49460, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228499793425, "etime": 1727228499793425, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49667, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 1727228504442589, "etime": 1727228504442589, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49709, "dest_port": 51139, "protocol": "tls", "result": "Normal"}, {"stime": 
1727228493600323, "etime": 1727228493600323, "src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "src_port": 49567, "dest_port": 51139, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:30:26.965] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:30:26.965] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25066 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7006290e4cee98becc3ef0cecb26b7df9033eca98e960990ac2c96505f77107c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022927Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:30:26.965] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:26.965] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:26.965] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:26.965] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:26.965] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:26.966] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:29.973] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl|result:{"code": 1, "total_count": 42, "abnormal_count": 16, "normal_count": 26, "alert_count": 16, "timestamp": 1765362629972, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730306505544996, "etime": 1730306505544996, "src_ip": 
"172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51400, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306444785989, "etime": 1730306444785989, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51383, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306608069437, "etime": 1730306608069437, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51429, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306528385092, "etime": 1730306528385092, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51406, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306414740705, "etime": 1730306414740705, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51377, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306475037646, "etime": 1730306475037646, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51391, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306591543948, "etime": 1730306591543948, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51424, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306434775864, "etime": 1730306434775864, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51380, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306540932053, "etime": 1730306540932053, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51410, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306540856292, "etime": 1730306540856292, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51409, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306464950611, "etime": 1730306464950611, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51389, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, 
{"stime": 1730306464891810, "etime": 1730306464891810, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51388, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306594810093, "etime": 1730306594810093, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51425, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306631195347, "etime": 1730306631195347, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51434, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306561078717, "etime": 1730306561078717, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51416, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306581531557, "etime": 1730306581531557, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51422, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306551008185, "etime": 1730306551008185, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51413, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306495527795, "etime": 1730306495527795, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51398, "dest_port": 8888, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730306474969062, "etime": 1730306474969062, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51390, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306505783235, "etime": 1730306505783235, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51401, "dest_port": 8888, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730306571093086, "etime": 1730306571093086, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51419, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306648083081, "etime": 1730306648083081, "src_ip": "172.20.15.142", "dest_ip": 
"172.20.3.233", "src_port": 51439, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306354693670, "etime": 1730306354693670, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51368, "dest_port": 8888, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730306515794357, "etime": 1730306515794357, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51402, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306454882535, "etime": 1730306454882535, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51386, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306485100986, "etime": 1730306485100986, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51395, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306454798921, "etime": 1730306454798921, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51385, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306550943542, "etime": 1730306550943542, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51412, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306581333185, "etime": 1730306581333185, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51421, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306618082858, "etime": 1730306618082858, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51431, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306604824875, "etime": 1730306604824875, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51428, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306638059463, "etime": 1730306638059463, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51436, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 
1730306495113887, "etime": 1730306495113887, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51397, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306621180762, "etime": 1730306621180762, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51432, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306424761269, "etime": 1730306424761269, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51379, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306485044425, "etime": 1730306485044425, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51394, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306518370885, "etime": 1730306518370885, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51404, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306571317897, "etime": 1730306571317897, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51420, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306354733170, "etime": 1730306354733170, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51369, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306561024098, "etime": 1730306561024098, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51415, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306530844799, "etime": 1730306530844799, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51408, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306648077362, "etime": 1730306648077362, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51438, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 16|max_alert: 1000 [2025-12-10 
10:30:29.974] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:30:29.974] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25067 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022931Z&X-Amz-Signature=548ba5259a015c24601376caa93f4a6368790b4c6c60e926b60d2069fdd1bdde&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:29.974] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:33.111] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl|result:{"code": 1, "total_count": 45, "abnormal_count": 18, "normal_count": 27, "alert_count": 18, "timestamp": 1765362633110, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730306840862213, "etime": 1730306840862213, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51480, "dest_port": 8888, "protocol": "tls", "result": 
"Normal"}, {"stime": 1730306926426985, "etime": 1730306926426985, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51506, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306875883469, "etime": 1730306875883469, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51491, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306830844115, "etime": 1730306830844115, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51477, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306800242670, "etime": 1730306800242670, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51469, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306850876618, "etime": 1730306850876618, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51483, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730307009137624, "etime": 1730307009137624, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51527, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306999124404, "etime": 1730306999124404, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51524, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306780110724, "etime": 1730306780110724, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51462, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306939682445, "etime": 1730306939682445, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51509, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306770040392, "etime": 1730306770040392, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51459, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306800192685, "etime": 1730306800192685, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", 
"src_port": 51468, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306820505956, "etime": 1730306820505956, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51474, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730307009132842, "etime": 1730307009132842, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51526, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306865811757, "etime": 1730306865811757, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51489, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306769980137, "etime": 1730306769980137, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51458, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306699952572, "etime": 1730306699952572, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51449, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306982953360, "etime": 1730306982953360, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51519, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306969855314, "etime": 1730306969855314, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51516, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306699915036, "etime": 1730306699915036, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51448, "dest_port": 8888, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730306916214983, "etime": 1730306916214983, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51502, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306986027795, "etime": 1730306986027795, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51521, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306810486928, "etime": 
1730306810486928, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51473, "dest_port": 8888, "protocol": "tls", "result": "Godzilla"}, {"stime": 1730306959845431, "etime": 1730306959845431, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51514, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306906007114, "etime": 1730306906007114, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51500, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306916421067, "etime": 1730306916421067, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51503, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306946742242, "etime": 1730306946742242, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51511, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306929674737, "etime": 1730306929674737, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51507, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306853394087, "etime": 1730306853394087, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51484, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306875827449, "etime": 1730306875827449, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51490, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306996032755, "etime": 1730306996032755, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51522, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306863407054, "etime": 1730306863407054, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51488, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306956749010, "etime": 1730306956749010, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51512, "dest_port": 8888, 
"protocol": "tls", "result": "Normal"}, {"stime": 1730306780057954, "etime": 1730306780057954, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51461, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306885894710, "etime": 1730306885894710, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51494, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306759963385, "etime": 1730306759963385, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51456, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306790128868, "etime": 1730306790128868, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51464, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306790179156, "etime": 1730306790179156, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51465, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306820826929, "etime": 1730306820826929, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51475, "dest_port": 8888, "protocol": "tls", "result": "Godzilla"}, {"stime": 1730306906208847, "etime": 1730306906208847, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51501, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306972935259, "etime": 1730306972935259, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51518, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306885942353, "etime": 1730306885942353, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51495, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306895998536, "etime": 1730306895998536, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51498, "dest_port": 8888, "protocol": "tls", "result": "Antsword"}, {"stime": 1730306895955285, "etime": 1730306895955285, "src_ip": 
"172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51497, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1730306810258881, "etime": 1730306810258881, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51471, "dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 18|max_alert: 1000 [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:30:33.111] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24657 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1bd031763bedace2986c97a5c73a615eb292df9df01deb9845f5a534dafae8c9&X-Amz-Date=20251210T022934Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:33.111] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:33.112] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:36.592] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl|result:{"code": 1, "total_count": 49, "abnormal_count": 11, "normal_count": 38, "alert_count": 11, "timestamp": 1765362636590, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730650871153187, "etime": 1730650871153187, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50431, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651070740864, "etime": 1730651070740864, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50531, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650951185173, "etime": 1730650951185173, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50455, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650991346914, "etime": 1730650991346914, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50509, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651024145556, "etime": 1730651024145556, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50520, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730651110807893, "etime": 1730651110807893, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50539, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651126982174, "etime": 1730651126982174, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50542, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730651157005265, "etime": 1730651157005265, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50546, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651167012302, "etime": 1730651167012302, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50547, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 
1730651207059061, "etime": 1730651207059061, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50552, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651227093329, "etime": 1730651227093329, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50556, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651277162522, "etime": 1730651277162522, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50563, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651287186796, "etime": 1730651287186796, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50566, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650981277395, "etime": 1730650981277395, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50506, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650991559086, "etime": 1730650991559086, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50510, "dest_port": 7777, "protocol": "tls", "result": "Godzilla"}, {"stime": 1730651034372477, "etime": 1730651034372477, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50522, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730651113889540, "etime": 1730651113889540, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50540, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730651187041417, "etime": 1730651187041417, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50550, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651197050866, "etime": 1730651197050866, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50551, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651004012337, "etime": 1730651004012337, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50513, 
"dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730651123907189, "etime": 1730651123907189, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50541, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651287181887, "etime": 1730651287181887, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50565, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651100792722, "etime": 1730651100792722, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50537, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651090776690, "etime": 1730651090776690, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50534, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650931162802, "etime": 1730650931162802, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50436, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650961197273, "etime": 1730650961197273, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50469, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651024100419, "etime": 1730651024100419, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50519, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651044385039, "etime": 1730651044385039, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50524, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651136990538, "etime": 1730651136990538, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50543, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651001575330, "etime": 1730651001575330, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50512, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651080761127, "etime": 1730651080761127, "src_ip": 
"172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50533, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651217076086, "etime": 1730651217076086, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50554, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651267154886, "etime": 1730651267154886, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50562, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651177027515, "etime": 1730651177027515, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50548, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651247125994, "etime": 1730651247125994, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50558, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651146998109, "etime": 1730651146998109, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50545, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651060731767, "etime": 1730651060731767, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50529, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650981332050, "etime": 1730650981332050, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50507, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730651257141375, "etime": 1730651257141375, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50560, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651237109610, "etime": 1730651237109610, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50557, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651057651736, "etime": 1730651057651736, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50527, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, 
{"stime": 1730651014030963, "etime": 1730651014030963, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50515, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651014087814, "etime": 1730651014087814, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50516, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730651034152861, "etime": 1730651034152861, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50521, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650871123534, "etime": 1730650871123534, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50430, "dest_port": 7777, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730650941175489, "etime": 1730650941175489, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50439, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730651047645662, "etime": 1730651047645662, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50525, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650971209447, "etime": 1730650971209447, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50487, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730650971260206, "etime": 1730650971260206, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50488, "dest_port": 7777, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 11|max_alert: 1000 [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:30:36.592] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26314 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022937Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1fe8f989492a7dc32df0cf61d3a81383a1cc3ec27d7a2bd987c717482681ffd5"} [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:36.592] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:39.777] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl|result:{"code": 1, "total_count": 44, "abnormal_count": 9, "normal_count": 35, "alert_count": 9, "timestamp": 1765362639776, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730649414691127, "etime": 1730649414691127, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 49983, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649514812967, "etime": 1730649514812967, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50008, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 
1730649547797336, "etime": 1730649547797336, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50019, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649581336068, "etime": 1730649581336068, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50028, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649594444293, "etime": 1730649594444293, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50030, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649707684508, "etime": 1730649707684508, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50085, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649687659265, "etime": 1730649687659265, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50056, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649717693314, "etime": 1730649717693314, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50087, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649757757476, "etime": 1730649757757476, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50111, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649637583218, "etime": 1730649637583218, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50040, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730649647597541, "etime": 1730649647597541, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50043, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649537720561, "etime": 1730649537720561, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50017, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730649627565203, "etime": 1730649627565203, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50038, 
"dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649514865659, "etime": 1730649514865659, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50009, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649697670645, "etime": 1730649697670645, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50079, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730649504806956, "etime": 1730649504806956, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50007, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649557803171, "etime": 1730649557803171, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50020, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649504742021, "etime": 1730649504742021, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50006, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649557845655, "etime": 1730649557845655, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50021, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649737720433, "etime": 1730649737720433, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50095, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649535092836, "etime": 1730649535092836, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50016, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649767776923, "etime": 1730649767776923, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50115, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649780881596, "etime": 1730649780881596, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50123, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730649474701250, "etime": 1730649474701250, "src_ip": 
"172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50000, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649770859960, "etime": 1730649770859960, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50116, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649727712260, "etime": 1730649727712260, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50091, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649578085125, "etime": 1730649578085125, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50027, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649414659758, "etime": 1730649414659758, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 49982, "dest_port": 7777, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730649568066417, "etime": 1730649568066417, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50023, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649667628567, "etime": 1730649667628567, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50050, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649604460002, "etime": 1730649604460002, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50031, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730649780875317, "etime": 1730649780875317, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50122, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649567857696, "etime": 1730649567857696, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50022, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649617547634, "etime": 1730649617547634, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50037, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, 
{"stime": 1730649614469083, "etime": 1730649614469083, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50035, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649677648278, "etime": 1730649677648278, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50051, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649494725971, "etime": 1730649494725971, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50005, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649484716607, "etime": 1730649484716607, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50001, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649525081580, "etime": 1730649525081580, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50011, "dest_port": 7777, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730649591354379, "etime": 1730649591354379, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50029, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649747734126, "etime": 1730649747734126, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50099, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649547731233, "etime": 1730649547731233, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50018, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649524871839, "etime": 1730649524871839, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50010, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730649657618377, "etime": 1730649657618377, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50047, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 9|max_alert: 1000 
[2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:30:39.777] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26315 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=f91e646129c42b12a9a74ce787876f4fdea78e8b8be1b9c53962e15fdafa4330&X-Amz-Date=20251210T022940Z"} [2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:39.777] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:39.778] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:43.297] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl|result:{"code": 1, "total_count": 47, "abnormal_count": 19, "normal_count": 28, "alert_count": 19, "timestamp": 1765362643296, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730650709683576, "etime": 1730650709683576, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": 
"Antsword"}, {"stime": 1730650659860870, "etime": 1730650659860870, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50330, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650768999969, "etime": 1730650768999969, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650613627384, "etime": 1730650613627384, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650755894446, "etime": 1730650755894446, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650742797506, "etime": 1730650742797506, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650590173564, "etime": 1730650590173564, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650623632871, "etime": 1730650623632871, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50322, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650557605551, "etime": 1730650557605551, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50301, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1730650570058265, "etime": 1730650570058265, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650600373305, "etime": 1730650600373305, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650547348395, "etime": 1730650547348395, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", 
"src_port": 50298, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650626707198, "etime": 1730650626707198, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50323, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650706616418, "etime": 1730650706616418, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650745879983, "etime": 1730650745879983, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650729713175, "etime": 1730650729713175, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650557411024, "etime": 1730650557411024, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650732790756, "etime": 1730650732790756, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650673126108, "etime": 1730650673126108, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650580118318, "etime": 1730650580118318, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650683515783, "etime": 1730650683515783, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650719694237, "etime": 1730650719694237, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650467219329, "etime": 
1730650467219329, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50284, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730650792102751, "etime": 1730650792102751, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50369, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650802126606, "etime": 1730650802126606, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650693522013, "etime": 1730650693522013, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50338, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650567623425, "etime": 1730650567623425, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50303, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650663111412, "etime": 1730650663111412, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50332, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650765912697, "etime": 1730650765912697, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650802120430, "etime": 1730650802120430, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650646746313, "etime": 1730650646746313, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50326, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650547398113, "etime": 1730650547398113, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50299, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650673320112, "etime": 1730650673320112, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50335, "dest_port": 443, "protocol": "tls", 
"result": "Antsword"}, {"stime": 1730650600184239, "etime": 1730650600184239, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650610377010, "etime": 1730650610377010, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650537282791, "etime": 1730650537282791, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50295, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650467250677, "etime": 1730650467250677, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50285, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650580064698, "etime": 1730650580064698, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50308, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650590133830, "etime": 1730650590133830, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50311, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650537333246, "etime": 1730650537333246, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650683332265, "etime": 1730650683332265, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50336, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650789022808, "etime": 1730650789022808, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50367, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650636725089, "etime": 1730650636725089, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50324, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650779010288, "etime": 1730650779010288, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", 
"src_port": 50360, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650527265404, "etime": 1730650527265404, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50290, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1730650696601290, "etime": 1730650696601290, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1730650649841952, "etime": 1730650649841952, "src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "src_port": 50327, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 19|max_alert: 1000 [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:30:43.298] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25068 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bb4a271cf0fe477619eeee41ea09f61ff42bf2ba3453aa1ba33fcc7317bfb11f&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022943Z"} [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:43.298] [INFO] 
[tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:43.298] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:48.575] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl|result:{"code": 1, "total_count": 72, "abnormal_count": 10, "normal_count": 62, "alert_count": 10, "timestamp": 1765362648573, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727400552694168, "etime": 1727400552694168, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50190, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400514147670, "etime": 1727400514147670, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50148, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400551678762, "etime": 1727400551678762, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50189, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400554787391, "etime": 1727400554787391, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50193, "dest_port": 8843, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727400558869310, "etime": 1727400558869310, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50197, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400526209717, "etime": 1727400526209717, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50160, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400533430831, "etime": 1727400533430831, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50169, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400559938370, "etime": 
1727400559938370, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50199, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727400532413312, "etime": 1727400532413312, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50168, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400550615914, "etime": 1727400550615914, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50187, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400512116963, "etime": 1727400512116963, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50146, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400535476333, "etime": 1727400535476333, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50171, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400540634280, "etime": 1727400540634280, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50177, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400560944449, "etime": 1727400560944449, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50200, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400513131751, "etime": 1727400513131751, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50147, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400538586676, "etime": 1727400538586676, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50175, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400530335392, "etime": 1727400530335392, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50165, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400547506681, "etime": 1727400547506681, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50183, 
"dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400549537864, "etime": 1727400549537864, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50185, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400507928153, "etime": 1727400507928153, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50141, "dest_port": 8843, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727400531399354, "etime": 1727400531399354, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50167, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400534444312, "etime": 1727400534444312, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50170, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400529273494, "etime": 1727400529273494, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50163, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400539599886, "etime": 1727400539599886, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50176, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400549599304, "etime": 1727400549599304, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50186, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400519959748, "etime": 1727400519959748, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50152, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400520008091, "etime": 1727400520008091, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50153, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727400553709756, "etime": 1727400553709756, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50191, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400556821157, "etime": 
1727400556821157, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50195, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400562975282, "etime": 1727400562975282, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50202, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400527227416, "etime": 1727400527227416, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50161, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400566084709, "etime": 1727400566084709, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50206, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400529320914, "etime": 1727400529320914, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50164, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400537554217, "etime": 1727400537554217, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50174, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400546350400, "etime": 1727400546350400, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50181, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400546485584, "etime": 1727400546485584, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50182, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727400516905903, "etime": 1727400516905903, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50149, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727400565069503, "etime": 1727400565069503, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50205, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400548522245, "etime": 1727400548522245, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50184, 
"dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400545335403, "etime": 1727400545335403, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50180, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400557834786, "etime": 1727400557834786, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50196, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400531352998, "etime": 1727400531352998, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50166, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400446842971, "etime": 1727400446842971, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50138, "dest_port": 8843, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727400564008701, "etime": 1727400564008701, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50203, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400511100207, "etime": 1727400511100207, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50145, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400509069861, "etime": 1727400509069861, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50143, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400541647564, "etime": 1727400541647564, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50178, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400559881792, "etime": 1727400559881792, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50198, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400554725133, "etime": 1727400554725133, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50192, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400536491077, 
"etime": 1727400536491077, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50172, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400517929611, "etime": 1727400517929611, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50150, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400536547477, "etime": 1727400536547477, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50173, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400518944338, "etime": 1727400518944338, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50151, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400521042588, "etime": 1727400521042588, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50154, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400523086730, "etime": 1727400523086730, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50156, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400568138371, "etime": 1727400568138371, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50209, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400522053574, "etime": 1727400522053574, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50155, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400506912915, "etime": 1727400506912915, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50140, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400446892135, "etime": 1727400446892135, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50139, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400544317379, "etime": 1727400544317379, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 
50179, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727400510084549, "etime": 1727400510084549, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50144, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400525192010, "etime": 1727400525192010, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50159, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727400528241114, "etime": 1727400528241114, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50162, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400564059195, "etime": 1727400564059195, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50204, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400567100575, "etime": 1727400567100575, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50207, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400555803864, "etime": 1727400555803864, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50194, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400551632084, "etime": 1727400551632084, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50188, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400525133909, "etime": 1727400525133909, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50158, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400524100498, "etime": 1727400524100498, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50157, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400561961465, "etime": 1727400561961465, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50201, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727400508060309, 
"etime": 1727400508060309, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50142, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727400568131793, "etime": 1727400568131793, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50208, "dest_port": 8843, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 10|max_alert: 1000 [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:30:48.575] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24658 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl?X-Amz-Date=20251210T022947Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=aacbecbda33d1946ec1d5d5874f2348aa764a5b47ae77ab58b150b027ae286e7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:48.575] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:53.941] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl|result:{"code": 1, "total_count": 71, "abnormal_count": 17, "normal_count": 54, "alert_count": 17, "timestamp": 1765362653939, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727333288003860, "etime": 1727333288003860, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52200, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333311440739, "etime": 1727333311440739, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52224, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333263847217, "etime": 1727333263847217, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52176, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333281830955, "etime": 1727333281830955, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52193, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333256486957, "etime": 1727333256486957, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52167, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333277689762, "etime": 1727333277689762, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52188, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333313497597, "etime": 1727333313497597, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52227, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333251408832, "etime": 1727333251408832, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52162, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333259596471, "etime": 1727333259596471, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52171, 
"dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333299252974, "etime": 1727333299252974, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52212, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333252424266, "etime": 1727333252424266, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52163, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333267908893, "etime": 1727333267908893, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52180, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333313487289, "etime": 1727333313487289, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52226, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333188339916, "etime": 1727333188339916, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52157, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333273628918, "etime": 1727333273628918, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52184, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333261628525, "etime": 1727333261628525, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52173, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333283923695, "etime": 1727333283923695, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52196, "dest_port": 8443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727333290034250, "etime": 1727333290034250, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52202, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333260612436, "etime": 1727333260612436, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52172, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333300268124, 
"etime": 1727333300268124, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52213, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333276674272, "etime": 1727333276674272, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52187, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333277769526, "etime": 1727333277769526, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52189, "dest_port": 8443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727333264862107, "etime": 1727333264862107, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52177, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333188283432, "etime": 1727333188283432, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52156, "dest_port": 8443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727333258581678, "etime": 1727333258581678, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52170, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333285956593, "etime": 1727333285956593, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52198, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333309408998, "etime": 1727333309408998, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52222, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333289018060, "etime": 1727333289018060, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52201, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333310424599, "etime": 1727333310424599, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52223, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333268924756, "etime": 1727333268924756, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"src_port": 52181, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333256549240, "etime": 1727333256549240, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52168, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333274643242, "etime": 1727333274643242, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52185, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333250393607, "etime": 1727333250393607, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52161, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333294159411, "etime": 1727333294159411, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52207, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333265878090, "etime": 1727333265878090, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52178, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333284940709, "etime": 1727333284940709, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52197, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333296205507, "etime": 1727333296205507, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52209, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333298236923, "etime": 1727333298236923, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52211, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333257565537, "etime": 1727333257565537, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52169, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333307377585, "etime": 1727333307377585, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52220, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 
1727333272580977, "etime": 1727333272580977, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52183, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333249378266, "etime": 1727333249378266, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52160, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333283861819, "etime": 1727333283861819, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52195, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333275659241, "etime": 1727333275659241, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52186, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333278784211, "etime": 1727333278784211, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52190, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333312455697, "etime": 1727333312455697, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52225, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333279799400, "etime": 1727333279799400, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52191, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333292127689, "etime": 1727333292127689, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52205, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333303315361, "etime": 1727333303315361, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52216, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333305346402, "etime": 1727333305346402, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52218, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333306362517, "etime": 1727333306362517, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "src_port": 52219, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333254455729, "etime": 1727333254455729, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52165, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333308393026, "etime": 1727333308393026, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52221, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333291112664, "etime": 1727333291112664, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52204, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727333266892992, "etime": 1727333266892992, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52179, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333304331111, "etime": 1727333304331111, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52217, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333295174680, "etime": 1727333295174680, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52208, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333255471904, "etime": 1727333255471904, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52166, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333262836001, "etime": 1727333262836001, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52175, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727333262643439, "etime": 1727333262643439, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52174, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333286971193, "etime": 1727333286971193, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52199, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727333271558241, "etime": 1727333271558241, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52182, "dest_port": 8443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727333248362642, "etime": 1727333248362642, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52159, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333301283841, "etime": 1727333301283841, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52214, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333290105444, "etime": 1727333290105444, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52203, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333293143367, "etime": 1727333293143367, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52206, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333297221503, "etime": 1727333297221503, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52210, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333253440561, "etime": 1727333253440561, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52164, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333280815856, "etime": 1727333280815856, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52192, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333302300427, "etime": 1727333302300427, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52215, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727333282846989, "etime": 1727333282846989, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52194, "dest_port": 8443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 
17|max_alert: 1000 [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:30:53.941] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25069 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl?X-Amz-Signature=38b512e354d01708058157fdfc155493c8d065cd3ac47d284588bdc8efa84a58&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022950Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:53.941] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:55.843] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl|result:{"code": 0, "total_count": 25, "abnormal_count": 0, "normal_count": 25, "alert_count": 0, "timestamp": 1765362655842, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726069061196890, "etime": 1726069061196890, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49394, "dest_port": 8889, "protocol": 
"tls", "result": "Normal"}, {"stime": 1726068988745056, "etime": 1726068988745056, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49374, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726068991038542, "etime": 1726068991038542, "src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "src_port": 49379, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726068990729834, "etime": 1726068990729834, "src_ip": "192.168.32.43", "dest_ip": "23.63.243.99", "src_port": 49376, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726069061200488, "etime": 1726069061200488, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49395, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726068990730163, "etime": 1726068990730163, "src_ip": "192.168.32.43", "dest_ip": "23.222.166.237", "src_port": 49377, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726069048759324, "etime": 1726069048759324, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49382, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069054087286, "etime": 1726069054087286, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49387, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069053071697, "etime": 1726069053071697, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49386, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069052055780, "etime": 1726069052055780, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49385, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726068914530781, "etime": 1726068914530781, "src_ip": "192.168.32.43", "dest_ip": "149.100.155.122", "src_port": 49371, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069055102902, "etime": 1726069055102902, "src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "src_port": 49388, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726068812185487, "etime": 1726068812185487, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49368, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726068988724705, "etime": 1726068988724705, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49373, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726068990729116, "etime": 1726068990729116, "src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "src_port": 49375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726068812466269, "etime": 1726068812466269, "src_ip": "192.168.32.43", "dest_ip": "149.100.155.122", "src_port": 49369, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069050030675, "etime": 1726069050030675, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49383, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069051040302, "etime": 1726069051040302, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49384, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069056118382, "etime": 1726069056118382, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49389, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726068990730517, "etime": 1726068990730517, "src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "src_port": 49378, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1726069057134115, "etime": 1726069057134115, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49390, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069058149907, "etime": 1726069058149907, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49391, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 
1726069016556267, "etime": 1726069016556267, "src_ip": "192.168.32.43", "dest_ip": "149.100.155.122", "src_port": 49380, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069059165864, "etime": 1726069059165864, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49392, "dest_port": 8889, "protocol": "tls", "result": "Normal"}, {"stime": 1726069060180943, "etime": 1726069060180943, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49393, "dest_port": 8889, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:30:55.843] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:30:55.843] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24659 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl?X-Amz-Signature=5160db56ab4c287f94665e12969db90e51ae010ac0990c876502d941ef73a4bb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022953Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:30:55.843] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:55.843] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:55.843] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:55.843] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:55.843] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:55.844] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:30:58.733] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl|result:{"code": 1, "total_count": 39, "abnormal_count": 5, "normal_count": 34, "alert_count": 5, "timestamp": 1765362658732, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730305774117685, "etime": 1730305774117685, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51268, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305671041753, "etime": 1730305671041753, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51238, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305744074688, "etime": 1730305744074688, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51262, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305844662367, "etime": 1730305844662367, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51285, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305711393762, "etime": 1730305711393762, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51253, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305650931716, "etime": 1730305650931716, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51234, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305844467217, "etime": 1730305844467217, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51284, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305723980676, "etime": 1730305723980676, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51257, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730305834460089, "etime": 1730305834460089, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51281, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 
1730305580859984, "etime": 1730305580859984, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51223, "dest_port": 7777, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730305877999421, "etime": 1730305877999421, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51292, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730305864683170, "etime": 1730305864683170, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51289, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305681111167, "etime": 1730305681111167, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51241, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305721406799, "etime": 1730305721406799, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51255, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305681050817, "etime": 1730305681050817, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51240, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305660938087, "etime": 1730305660938087, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51235, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305640910255, "etime": 1730305640910255, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51231, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305701132761, "etime": 1730305701132761, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51248, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305764096970, "etime": 1730305764096970, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51266, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730305754088566, "etime": 1730305754088566, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51263, 
"dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305701373933, "etime": 1730305701373933, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51251, "dest_port": 7777, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730305794194849, "etime": 1730305794194849, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51272, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305691116683, "etime": 1730305691116683, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51247, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305580894265, "etime": 1730305580894265, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51224, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305733999703, "etime": 1730305733999703, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51259, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305794404464, "etime": 1730305794404464, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51273, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305804414635, "etime": 1730305804414635, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51276, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305824442692, "etime": 1730305824442692, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51280, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305854674372, "etime": 1730305854674372, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51287, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305774168954, "etime": 1730305774168954, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51269, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305885062486, "etime": 1730305885062486, "src_ip": 
"172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51294, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305895069221, "etime": 1730305895069221, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51296, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305905078756, "etime": 1730305905078756, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51298, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305661023421, "etime": 1730305661023421, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51236, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305814431405, "etime": 1730305814431405, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51278, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305867977949, "etime": 1730305867977949, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51290, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305908330822, "etime": 1730305908330822, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51299, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305784174592, "etime": 1730305784174592, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51271, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305744007478, "etime": 1730305744007478, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51261, "dest_port": 7777, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:30:58.733] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24660 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl?X-Amz-Signature=7ab9b71dd7fb32a51ee33aaa5e4a05bd029d003a7a95fa6fd1fded058fd41073&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022956Z"} [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:30:58.733] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:30:58.734] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:03.887] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl|result:{"code": 1, "total_count": 68, "abnormal_count": 4, "normal_count": 64, "alert_count": 4, "timestamp": 1765362663885, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727154415999679, "etime": 1727154415999679, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50092, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154370041168, "etime": 1727154370041168, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50050, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727154414689533, "etime": 1727154414689533, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154358235604, "etime": 1727154358235604, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50039, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154295827116, "etime": 1727154295827116, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50037, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727154372334155, "etime": 1727154372334155, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50052, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154368902069, "etime": 1727154368902069, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50049, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154407855860, "etime": 1727154407855860, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50084, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154397575525, "etime": 1727154397575525, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50075, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154417138707, "etime": 1727154417138707, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154419400967, "etime": 1727154419400967, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154421662129, "etime": 1727154421662129, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50097, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154423257403, "etime": 1727154423257403, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50098, 
"dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727154367763733, "etime": 1727154367763733, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50048, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154375925218, "etime": 1727154375925218, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50056, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154414837641, "etime": 1727154414837641, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50091, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154413534349, "etime": 1727154413534349, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50089, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154360883936, "etime": 1727154360883936, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50042, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154366624558, "etime": 1727154366624558, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50047, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154406708021, "etime": 1727154406708021, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50083, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154394160030, "etime": 1727154394160030, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50072, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154358606114, "etime": 1727154358606114, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50040, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727154429107502, "etime": 1727154429107502, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50104, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154374613821, "etime": 1727154374613821, "src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50054, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154382755488, "etime": 1727154382755488, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50062, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154386172021, "etime": 1727154386172021, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50065, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154408994815, "etime": 1727154408994815, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50085, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154402130504, "etime": 1727154402130504, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154371180467, "etime": 1727154371180467, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50051, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154428979866, "etime": 1727154428979866, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154410135036, "etime": 1727154410135036, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50086, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154378200162, "etime": 1727154378200162, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50058, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154427839339, "etime": 1727154427839339, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154418277072, "etime": 1727154418277072, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727154389588152, "etime": 1727154389588152, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50068, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154365487319, "etime": 1727154365487319, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50046, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154399852888, "etime": 1727154399852888, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50077, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154395314222, "etime": 1727154395314222, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154377060993, "etime": 1727154377060993, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50057, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154380477770, "etime": 1727154380477770, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50060, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154425546450, "etime": 1727154425546450, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154374788063, "etime": 1727154374788063, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50055, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727154405567524, "etime": 1727154405567524, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50082, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154363177456, "etime": 1727154363177456, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50044, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154379339524, "etime": 1727154379339524, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 
50059, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154362037970, "etime": 1727154362037970, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50043, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154426701626, "etime": 1727154426701626, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154387310014, "etime": 1727154387310014, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50066, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154403269135, "etime": 1727154403269135, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50080, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154411257465, "etime": 1727154411257465, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50087, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154396437085, "etime": 1727154396437085, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50074, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154390726970, "etime": 1727154390726970, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50069, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154359744686, "etime": 1727154359744686, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50041, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154424392228, "etime": 1727154424392228, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50099, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154383893578, "etime": 1727154383893578, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50063, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154391883362, "etime": 1727154391883362, "src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50070, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154398714457, "etime": 1727154398714457, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50076, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154385032923, "etime": 1727154385032923, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50064, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154420538879, "etime": 1727154420538879, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154297996641, "etime": 1727154297996641, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50038, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727154393020421, "etime": 1727154393020421, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50071, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154373474233, "etime": 1727154373474233, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154381616195, "etime": 1727154381616195, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50061, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154404408614, "etime": 1727154404408614, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50081, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154400992329, "etime": 1727154400992329, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50078, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154412395693, "etime": 1727154412395693, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50088, "dest_port": 443, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727154388450397, "etime": 1727154388450397, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50067, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154364316203, "etime": 1727154364316203, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50045, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:03.887] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24661 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl?X-Amz-Date=20251210T022959Z&X-Amz-SignedHeaders=host&X-Amz-Signature=a700b8d390c07cb2631577d215ecf67df8feba6b7b81da11b08eece3c4ac2008&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:03.887] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:08.794] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl|result:{"code": 1, "total_count": 65, "abnormal_count": 4, "normal_count": 61, "alert_count": 4, "timestamp": 1765362668793, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727155906775285, "etime": 1727155906775285, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50186, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155900926059, "etime": 1727155900926059, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50180, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155916244269, "etime": 1727155916244269, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50194, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155959526905, "etime": 1727155959526905, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50234, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155944766933, "etime": 1727155944766933, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50220, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155958387729, "etime": 1727155958387729, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50232, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155903358962, "etime": 1727155903358962, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50183, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155911377286, "etime": 1727155911377286, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50190, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155949292616, "etime": 1727155949292616, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50224, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727155929897658, "etime": 1727155929897658, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50206, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155910238113, "etime": 1727155910238113, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50189, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155964081479, "etime": 1727155964081479, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50238, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155935639206, "etime": 1727155935639206, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50211, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155925340576, "etime": 1727155925340576, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50202, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155902065002, "etime": 1727155902065002, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50181, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155954969934, "etime": 1727155954969934, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50229, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155941351369, "etime": 1727155941351369, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50217, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155835716608, "etime": 1727155835716608, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50173, "dest_port": 8001, "protocol": "tls", "result": "Normal"}, {"stime": 1727155904496837, "etime": 1727155904496837, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50184, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155932223276, "etime": 1727155932223276, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50208, 
"dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155931036615, "etime": 1727155931036615, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50207, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155942489252, "etime": 1727155942489252, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50218, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155905635876, "etime": 1727155905635876, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50185, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155950429450, "etime": 1727155950429450, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50225, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155933361099, "etime": 1727155933361099, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50209, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155923063713, "etime": 1727155923063713, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50200, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155953831197, "etime": 1727155953831197, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50228, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155913970058, "etime": 1727155913970058, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50192, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155927620742, "etime": 1727155927620742, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50204, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155940219994, "etime": 1727155940219994, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50216, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155907929783, "etime": 1727155907929783, 
"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50187, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155924204120, "etime": 1727155924204120, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50201, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155909077365, "etime": 1727155909077365, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50188, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155917367849, "etime": 1727155917367849, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50195, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155928759806, "etime": 1727155928759806, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50205, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155934500451, "etime": 1727155934500451, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50210, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155945905759, "etime": 1727155945905759, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50221, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155951553583, "etime": 1727155951553583, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50226, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155898336009, "etime": 1727155898336009, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50177, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155962943523, "etime": 1727155962943523, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50237, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155952692031, "etime": 1727155952692031, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50227, "dest_port": 6443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727155921925704, "etime": 1727155921925704, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50199, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155838135222, "etime": 1727155838135222, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50175, "dest_port": 6443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727155918508007, "etime": 1727155918508007, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50196, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155965204477, "etime": 1727155965204477, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50239, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155966471830, "etime": 1727155966471830, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50241, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155943627711, "etime": 1727155943627711, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50219, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155948152816, "etime": 1727155948152816, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50223, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155920784378, "etime": 1727155920784378, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50198, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155899785684, "etime": 1727155899785684, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50179, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155936778766, "etime": 1727155936778766, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50212, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155898569655, "etime": 1727155898569655, "src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.42", "src_port": 50178, "dest_port": 6443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727155961803938, "etime": 1727155961803938, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50236, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155966344497, "etime": 1727155966344497, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50240, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155960665118, "etime": 1727155960665118, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50235, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155957247798, "etime": 1727155957247798, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50231, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155947028896, "etime": 1727155947028896, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50222, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155956108794, "etime": 1727155956108794, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50230, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155919645066, "etime": 1727155919645066, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50197, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155902218820, "etime": 1727155902218820, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50182, "dest_port": 6443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727155937917212, "etime": 1727155937917212, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50213, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155939071382, "etime": 1727155939071382, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50215, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727155912827536, "etime": 1727155912827536, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50191, "dest_port": 6443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727155915105607, "etime": 1727155915105607, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50193, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155926481395, "etime": 1727155926481395, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50203, "dest_port": 6443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:08.795] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26316 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=c553fe5641cf2880d5d732ddcb8a83ab06b23258ccac551ae8bdcc7421744c20&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023003Z&X-Amz-Expires=604800"} [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:08.795] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:08.795] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:13.549] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl|result:{"code": 1, "total_count": 63, "abnormal_count": 9, "normal_count": 54, "alert_count": 9, "timestamp": 1765362673548, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727340347741346, "etime": 1727340347741346, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54283, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340349812801, "etime": 1727340349812801, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54286, "dest_port": 8070, "protocol": "tls", "result": "Antsword"}, {"stime": 1727340364179363, "etime": 1727340364179363, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54302, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340269472353, "etime": 1727340269472353, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54264, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340354929228, "etime": 1727340354929228, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54292, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340374977836, "etime": 1727340374977836, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54311, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340343679058, "etime": 1727340343679058, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54279, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340361132115, "etime": 1727340361132115, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 
54299, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340335397669, "etime": 1727340335397669, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54269, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340351835083, "etime": 1727340351835083, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54288, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340369868313, "etime": 1727340369868313, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54306, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340383726134, "etime": 1727340383726134, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54318, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340385804172, "etime": 1727340385804172, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54321, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340350819473, "etime": 1727340350819473, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54287, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340334382606, "etime": 1727340334382606, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54268, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340349772566, "etime": 1727340349772566, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54285, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340356960196, "etime": 1727340356960196, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54294, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340368850895, "etime": 1727340368850895, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54305, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340353913368, 
"etime": 1727340353913368, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54291, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340341645916, "etime": 1727340341645916, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54277, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340373961692, "etime": 1727340373961692, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54310, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340386820979, "etime": 1727340386820979, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54322, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340388868479, "etime": 1727340388868479, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54324, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340379071249, "etime": 1727340379071249, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54315, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340337429315, "etime": 1727340337429315, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54271, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340359100955, "etime": 1727340359100955, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54297, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340362147957, "etime": 1727340362147957, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54300, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340340601070, "etime": 1727340340601070, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54275, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340269433531, "etime": 1727340269433531, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 
54263, "dest_port": 8070, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727340370882205, "etime": 1727340370882205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54307, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340338445013, "etime": 1727340338445013, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54272, "dest_port": 8070, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727340352896367, "etime": 1727340352896367, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54290, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340360116968, "etime": 1727340360116968, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54298, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340348757365, "etime": 1727340348757365, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54284, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340363164625, "etime": 1727340363164625, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54301, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340346725721, "etime": 1727340346725721, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54282, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340372929150, "etime": 1727340372929150, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54309, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340365195175, "etime": 1727340365195175, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54303, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340377024170, "etime": 1727340377024170, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54313, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 
1727340367840125, "etime": 1727340367840125, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54304, "dest_port": 8070, "protocol": "tls", "result": "Behinder"}, {"stime": 1727340384741699, "etime": 1727340384741699, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54319, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340344694414, "etime": 1727340344694414, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54280, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340345710143, "etime": 1727340345710143, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54281, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340357976370, "etime": 1727340357976370, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54295, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340382710355, "etime": 1727340382710355, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54317, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340375991377, "etime": 1727340375991377, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54312, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340388875179, "etime": 1727340388875179, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54325, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340342663417, "etime": 1727340342663417, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54278, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340336413723, "etime": 1727340336413723, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54270, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340387834858, "etime": 1727340387834858, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54323, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340338573019, "etime": 1727340338573019, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54273, "dest_port": 8070, "protocol": "tls", "result": "Antsword"}, {"stime": 1727340358093985, "etime": 1727340358093985, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54296, "dest_port": 8070, "protocol": "tls", "result": "Antsword"}, {"stime": 1727340381693638, "etime": 1727340381693638, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54316, "dest_port": 8070, "protocol": "tls", "result": "Behinder"}, {"stime": 1727340352850874, "etime": 1727340352850874, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54289, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340355944282, "etime": 1727340355944282, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54293, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340371914863, "etime": 1727340371914863, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54308, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340384787874, "etime": 1727340384787874, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54320, "dest_port": 8070, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727340330506770, "etime": 1727340330506770, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54266, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340339585273, "etime": 1727340339585273, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54274, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340329491921, "etime": 1727340329491921, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54265, "dest_port": 8070, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727340333367249, "etime": 1727340333367249, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54267, "dest_port": 8070, "protocol": "tls", "result": "Antsword"}, {"stime": 1727340341616723, "etime": 1727340341616723, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54276, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727340378038244, "etime": 1727340378038244, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54314, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:13.549] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 9|max_alert: 1000 [2025-12-10 10:31:13.549] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:13.549] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:13.550] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24662 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6a07cc74e09b38ff8631745be09c485bfcf7a864f26b0b19ef5ccbc47f281f0f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023006Z"} [2025-12-10 10:31:13.550] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:13.550] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:13.550] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:13.550] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:13.550] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:13.550] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:18.413] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl|result:{"code": 1, "total_count": 65, "abnormal_count": 4, "normal_count": 61, "alert_count": 4, "timestamp": 1765362678412, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727159509917010, "etime": 1727159509917010, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159496923026, "etime": 1727159496923026, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727159523625637, "etime": 1727159523625637, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159557838524, "etime": 1727159557838524, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159520224990, "etime": 1727159520224990, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159538446405, "etime": 1727159538446405, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159517947177, "etime": 1727159517947177, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159553282765, "etime": 1727159553282765, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50433, "dest_port": 443, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727159531618000, "etime": 1727159531618000, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159504017260, "etime": 1727159504017260, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50389, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159541862347, "etime": 1727159541862347, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159516796083, "etime": 1727159516796083, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159507433660, "etime": 1727159507433660, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50392, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159527042207, "etime": 1727159527042207, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50410, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159548695341, "etime": 1727159548695341, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50429, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159509726569, "etime": 1727159509726569, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50394, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159547564488, "etime": 1727159547564488, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50428, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159432525606, "etime": 1727159432525606, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50379, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727159536184210, "etime": 1727159536184210, "src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.41", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159525903583, "etime": 1727159525903583, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159552144306, "etime": 1727159552144306, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50432, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159540724124, "etime": 1727159540724124, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159561456427, "etime": 1727159561456427, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159544127121, "etime": 1727159544127121, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50425, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159502674420, "etime": 1727159502674420, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50387, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159524765122, "etime": 1727159524765122, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159560302284, "etime": 1727159560302284, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159530475199, "etime": 1727159530475199, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159539585556, "etime": 1727159539585556, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50421, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159528165450, 
"etime": 1727159528165450, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159549834402, "etime": 1727159549834402, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50430, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159506294959, "etime": 1727159506294959, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50391, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159532767578, "etime": 1727159532767578, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159535045640, "etime": 1727159535045640, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159542986148, "etime": 1727159542986148, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50424, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159537323377, "etime": 1727159537323377, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159556699208, "etime": 1727159556699208, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159495108966, "etime": 1727159495108966, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50381, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727159501506027, "etime": 1727159501506027, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50386, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159514516231, "etime": 1727159514516231, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50399, "dest_port": 443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727159545279057, "etime": 1727159545279057, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159529320927, "etime": 1727159529320927, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50412, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159434902447, "etime": 1727159434902447, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50380, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727159498073704, "etime": 1727159498073704, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159511057106, "etime": 1727159511057106, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50396, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159505154952, "etime": 1727159505154952, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50390, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159562726364, "etime": 1727159562726364, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159533906802, "etime": 1727159533906802, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159554421115, "etime": 1727159554421115, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159513376489, "etime": 1727159513376489, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159550988744, "etime": 1727159550988744, "src_ip": "192.168.32.46", 
"dest_ip": "192.168.32.41", "src_port": 50431, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159515654099, "etime": 1727159515654099, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159508587004, "etime": 1727159508587004, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50393, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159499211645, "etime": 1727159499211645, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159512238677, "etime": 1727159512238677, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159519086013, "etime": 1727159519086013, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159558009976, "etime": 1727159558009976, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159500350235, "etime": 1727159500350235, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159502889701, "etime": 1727159502889701, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50388, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727159522502758, "etime": 1727159522502758, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159546417997, "etime": 1727159546417997, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727159521364285, "etime": 1727159521364285, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159559163829, "etime": 1727159559163829, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159555560634, "etime": 1727159555560634, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727159562596110, "etime": 1727159562596110, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:18.413] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25070 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl?X-Amz-Signature=785529ae8a82a1cef3b6e673df706b22ef0e169fecd88bfdcf5a70ff800a0e26&X-Amz-Date=20251210T023009Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:18.413] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:18.414] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:22.991] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl|result:{"code": 1, "total_count": 61, "abnormal_count": 6, "normal_count": 55, "alert_count": 6, "timestamp": 1765362682990, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727336922766347, "etime": 1727336922766347, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51144, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336919578833, "etime": 1727336919578833, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51140, "dest_port": 443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727336950423734, "etime": 1727336950423734, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51173, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336971641377, "etime": 1727336971641377, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51194, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336963469225, "etime": 1727336963469225, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336944297578, "etime": 1727336944297578, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51166, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336923784253, "etime": 1727336923784253, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51145, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336921610861, "etime": 1727336921610861, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51142, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727336918562729, "etime": 1727336918562729, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51139, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336917547516, "etime": 1727336917547516, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51138, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727336949407471, "etime": 1727336949407471, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336930937892, "etime": 1727336930937892, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51152, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336935046884, "etime": 1727336935046884, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.132", "src_port": 51156, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336938141652, "etime": 1727336938141652, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51160, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336964487477, "etime": 1727336964487477, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51186, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336970625534, "etime": 1727336970625534, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51193, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336936109527, "etime": 1727336936109527, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51158, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336965500565, "etime": 1727336965500565, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51187, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336945313139, "etime": 1727336945313139, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51167, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336942234653, "etime": 1727336942234653, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51164, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336927876387, "etime": 1727336927876387, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51149, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336940203484, "etime": 1727336940203484, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51162, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336842129615, "etime": 1727336842129615, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 50792, "dest_port": 8000, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727336955578569, "etime": 1727336955578569, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51179, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336957609794, "etime": 1727336957609794, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51181, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336959656887, "etime": 1727336959656887, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336920594342, "etime": 1727336920594342, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51141, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336921759098, "etime": 1727336921759098, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51143, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727336952470156, "etime": 1727336952470156, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51175, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336954517877, "etime": 1727336954517877, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51177, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336948359735, "etime": 1727336948359735, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51170, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336962451065, "etime": 1727336962451065, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51184, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727336967531750, "etime": 1727336967531750, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51189, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336966515991, "etime": 1727336966515991, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 51188, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336925829403, "etime": 1727336925829403, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51147, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336934016515, "etime": 1727336934016515, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51155, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336958642264, "etime": 1727336958642264, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51182, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336943275080, "etime": 1727336943275080, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51165, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336967571755, "etime": 1727336967571755, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51190, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336857486240, "etime": 1727336857486240, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51001, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727336953484455, "etime": 1727336953484455, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51176, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336937126856, "etime": 1727336937126856, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51159, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336956595948, "etime": 1727336956595948, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51180, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336931970115, "etime": 1727336931970115, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51153, "dest_port": 443, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727336935093307, "etime": 1727336935093307, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51157, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727336926860311, "etime": 1727336926860311, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51148, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336947344104, "etime": 1727336947344104, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336951438671, "etime": 1727336951438671, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51174, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336969609909, "etime": 1727336969609909, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51192, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336939173937, "etime": 1727336939173937, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336924797040, "etime": 1727336924797040, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51146, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336948388718, "etime": 1727336948388718, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51171, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336954560539, "etime": 1727336954560539, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51178, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336971656483, "etime": 1727336971656483, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336929924905, "etime": 1727336929924905, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 51151, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336932984685, "etime": 1727336932984685, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51154, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336928891070, "etime": 1727336928891070, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51150, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336857532903, "etime": 1727336857532903, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51002, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336941221155, "etime": 1727336941221155, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51163, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336968578530, "etime": 1727336968578530, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51191, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727336946328852, "etime": 1727336946328852, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51168, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:22.991] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26317 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T023012Z&X-Amz-Signature=9b6e93161613c69e04f06479de39d088fcfac05eafa4e58b3a62ac7de519aa4f&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:22.991] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:22.992] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:23.070] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362683070, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726814707450913, "etime": 1726814707450913, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51802, "dest_port": 446, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:31:23.070] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:31:23.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:23.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:23.070] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24663 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023015Z&X-Amz-Expires=604800&X-Amz-Signature=f248df79f58ef7fcdec7d67f0c2900c10b779e56bc2b31e96f67c8852a59909e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:31:23.070] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:23.070] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:23.070] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:23.070] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:23.070] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:23.071] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:23.148] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362683148, "module": 
"anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726796447607414, "etime": 1726796447607414, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51144, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:23.148] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25071 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl?X-Amz-Date=20251210T023018Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=13f0d48022db484036bbad0b6b8177dbd44983647b5febc9ed9cc1f0efc93982&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:23.148] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:23.149] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:23.226] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362683226, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726800644346585, "etime": 1726800644346585, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51262, "dest_port": 446, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:23.226] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25072 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl?X-Amz-Signature=4cd62d3215998310ab3f6f6342269049aa5bde0fa86a8e750f81f8c9d659f115&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023022Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] 
(AiModule.cpp:20) get func load [2025-12-10 10:31:23.226] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:23.227] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:23.306] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362683305, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726817532765719, "etime": 1726817532765719, "src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "src_port": 51900, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:23.306] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26318 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023025Z&X-Amz-Signature=2181261b0d81f389e49cbb2d5cfdce12ee109b3977737395a7d47e1744b7ffb0&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:23.306] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:27.686] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl|result:{"code": 1, "total_count": 58, "abnormal_count": 18, "normal_count": 40, "alert_count": 18, "timestamp": 1765362687684, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727402005745301, "etime": 1727402005745301, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50562, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402038306759, "etime": 1727402038306759, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50599, "dest_port": 443, 
"protocol": "tls", "result": "Godzilla"}, {"stime": 1727402008901576, "etime": 1727402008901576, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50566, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402046707877, "etime": 1727402046707877, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50611, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402040368983, "etime": 1727402040368983, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50602, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402031121565, "etime": 1727402031121565, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402037275783, "etime": 1727402037275783, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727401942918757, "etime": 1727401942918757, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402006874940, "etime": 1727402006874940, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50564, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402047713133, "etime": 1727402047713133, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402050760430, "etime": 1727402050760430, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50615, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402022243621, "etime": 1727402022243621, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50582, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402041431345, "etime": 1727402041431345, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50604, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402023307021, "etime": 1727402023307021, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50584, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402026415876, "etime": 1727402026415876, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50588, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402038333213, "etime": 1727402038333213, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50600, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727402042463587, "etime": 1727402042463587, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50605, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402028447674, "etime": 1727402028447674, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50590, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402021228246, "etime": 1727402021228246, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50581, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727401942876603, "etime": 1727401942876603, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727402017103520, "etime": 1727402017103520, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50575, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402027433497, "etime": 1727402027433497, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402007884423, "etime": 1727402007884423, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50565, "dest_port": 443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727402015057130, "etime": 1727402015057130, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50573, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402009915425, "etime": 1727402009915425, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50567, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402044622802, "etime": 1727402044622802, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50608, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402039353390, "etime": 1727402039353390, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50601, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402040416698, "etime": 1727402040416698, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50603, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402025400061, "etime": 1727402025400061, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402014041038, "etime": 1727402014041038, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50572, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402011947782, "etime": 1727402011947782, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50569, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402023355059, "etime": 1727402023355059, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402006760865, "etime": 1727402006760865, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50563, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402018150025, "etime": 1727402018150025, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402024369140, "etime": 1727402024369140, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50586, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402043478402, "etime": 1727402043478402, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402022293250, "etime": 1727402022293250, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50583, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402050768824, "etime": 1727402050768824, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402033150653, "etime": 1727402033150653, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50593, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402016088444, "etime": 1727402016088444, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50574, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402019167801, "etime": 1727402019167801, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50578, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402035181897, "etime": 1727402035181897, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50595, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402002931944, "etime": 1727402002931944, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50561, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402013009223, "etime": 1727402013009223, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50571, "dest_port": 443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727402048728396, "etime": 1727402048728396, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50613, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402012000385, "etime": 1727402012000385, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50570, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402044496316, "etime": 1727402044496316, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50607, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402020212684, "etime": 1727402020212684, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50580, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402045634445, "etime": 1727402045634445, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50609, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402034167250, "etime": 1727402034167250, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50594, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402017139582, "etime": 1727402017139582, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50576, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402046650436, "etime": 1727402046650436, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50610, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402049743518, "etime": 1727402049743518, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50614, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402036258352, "etime": 1727402036258352, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50597, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402019196869, "etime": 1727402019196869, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 50579, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402036197160, "etime": 1727402036197160, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402010931366, "etime": 1727402010931366, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50568, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727402032135319, "etime": 1727402032135319, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50592, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:27.686] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 18|max_alert: 1000 [2025-12-10 10:31:27.686] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:27.686] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:27.686] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24664 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl?X-Amz-Signature=b9934add63944f26c99cb8b7a8d686c78aea4c66c3daf7c0ee1929ec4be36598&X-Amz-Date=20251210T023028Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:31:27.686] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:27.686] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:27.686] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
10:31:27.686] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:27.686] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:27.687] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:31.778] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl|result:{"code": 1, "total_count": 54, "abnormal_count": 20, "normal_count": 34, "alert_count": 20, "timestamp": 1765362691777, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727332517362914, "etime": 1727332517362914, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51901, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332535722154, "etime": 1727332535722154, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332495738596, "etime": 1727332495738596, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51877, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727332497768888, "etime": 1727332497768888, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51879, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332496753463, "etime": 1727332496753463, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332503973067, "etime": 1727332503973067, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51886, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332507019414, "etime": 1727332507019414, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51889, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332513222123, 
"etime": 1727332513222123, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51896, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332489895231, "etime": 1727332489895231, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332500894355, "etime": 1727332500894355, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332495550538, "etime": 1727332495550538, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51876, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332518379458, "etime": 1727332518379458, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51902, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332524550508, "etime": 1727332524550508, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51909, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332536738110, "etime": 1727332536738110, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332516347269, "etime": 1727332516347269, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51900, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332519394376, "etime": 1727332519394376, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51903, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332428796803, "etime": 1727332428796803, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51868, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727332509128374, "etime": 1727332509128374, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
51892, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332527598641, "etime": 1727332527598641, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51912, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332532674961, "etime": 1727332532674961, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51917, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332488878753, "etime": 1727332488878753, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332493525581, "etime": 1727332493525581, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51874, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727332533690902, "etime": 1727332533690902, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51918, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332530644178, "etime": 1727332530644178, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332508106468, "etime": 1727332508106468, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51891, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727332512200711, "etime": 1727332512200711, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51895, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332498785610, "etime": 1727332498785610, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51880, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332510144870, "etime": 1727332510144870, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51893, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332525566501, 
"etime": 1727332525566501, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51910, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332528612888, "etime": 1727332528612888, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51913, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332523519806, "etime": 1727332523519806, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51908, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332514301342, "etime": 1727332514301342, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51898, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332520410468, "etime": 1727332520410468, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51904, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332534707942, "etime": 1727332534707942, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332513279374, "etime": 1727332513279374, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51897, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332501926213, "etime": 1727332501926213, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51884, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332531659740, "etime": 1727332531659740, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332522503470, "etime": 1727332522503470, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51907, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332536747043, "etime": 1727332536747043, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51922, 
"dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332494535181, "etime": 1727332494535181, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51875, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332428855158, "etime": 1727332428855158, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51869, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332508035127, "etime": 1727332508035127, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51890, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332521488786, "etime": 1727332521488786, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51906, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332502941020, "etime": 1727332502941020, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51885, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332529628629, "etime": 1727332529628629, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51914, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332506004446, "etime": 1727332506004446, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51888, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332499800219, "etime": 1727332499800219, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51881, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332490909850, "etime": 1727332490909850, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727332504987867, "etime": 1727332504987867, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51887, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332526581421, "etime": 
1727332526581421, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51911, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332515332067, "etime": 1727332515332067, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51899, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332499868446, "etime": 1727332499868446, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51882, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727332511159867, "etime": 1727332511159867, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51894, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727332520482137, "etime": 1727332520482137, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51905, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:31.778] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 20|max_alert: 1000 [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:31.779] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24665 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c2ad6e373a5644411ebbb82f2e395dc66114d93374c1b9c85ca9bf881d31e18c&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023031Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:31.779] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:35.864] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl|result:{"code": 1, "total_count": 54, "abnormal_count": 17, "normal_count": 37, "alert_count": 17, "timestamp": 1765362695862, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727331572361678, "etime": 1727331572361678, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51568, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331568281259, "etime": 1727331568281259, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51564, "dest_port": 
8443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727331591439868, "etime": 1727331591439868, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51586, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331599640879, "etime": 1727331599640879, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51595, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331597549423, "etime": 1727331597549423, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51592, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331601689983, "etime": 1727331601689983, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51597, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331595517828, "etime": 1727331595517828, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51590, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331602705897, "etime": 1727331602705897, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51598, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331605831075, "etime": 1727331605831075, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51602, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331588284112, "etime": 1727331588284112, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51582, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331606847249, "etime": 1727331606847249, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51603, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331607862265, "etime": 1727331607862265, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51604, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331582136529, "etime": 
1727331582136529, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51576, "dest_port": 8443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727331505953815, "etime": 1727331505953815, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51556, "dest_port": 8443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727331592465242, "etime": 1727331592465242, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51587, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331594502818, "etime": 1727331594502818, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51589, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331609956063, "etime": 1727331609956063, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51607, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331610994907, "etime": 1727331610994907, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51608, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331579473070, "etime": 1727331579473070, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51575, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331568050112, "etime": 1727331568050112, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51563, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331569299655, "etime": 1727331569299655, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51565, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331573377657, "etime": 1727331573377657, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51569, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331589299198, "etime": 1727331589299198, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
51583, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331612002665, "etime": 1727331612002665, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51609, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331613018948, "etime": 1727331613018948, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51610, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331575409297, "etime": 1727331575409297, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51571, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331567034233, "etime": 1727331567034233, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51562, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331566018636, "etime": 1727331566018636, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51561, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331614043761, "etime": 1727331614043761, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51612, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331614033752, "etime": 1727331614033752, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51611, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331608946481, "etime": 1727331608946481, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51606, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331598565277, "etime": 1727331598565277, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51593, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331603791849, "etime": 1727331603791849, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51600, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331584189839, 
"etime": 1727331584189839, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51578, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331599580680, "etime": 1727331599580680, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51594, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331570316344, "etime": 1727331570316344, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51566, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331604799871, "etime": 1727331604799871, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51601, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331577440199, "etime": 1727331577440199, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51573, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331608877397, "etime": 1727331608877397, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51605, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331578456506, "etime": 1727331578456506, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51574, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331571331217, "etime": 1727331571331217, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51567, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331603722637, "etime": 1727331603722637, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51599, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331583159854, "etime": 1727331583159854, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51577, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331596533891, "etime": 1727331596533891, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"src_port": 51591, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331593488345, "etime": 1727331593488345, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51588, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331587268215, "etime": 1727331587268215, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51581, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331600659343, "etime": 1727331600659343, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51596, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331506007858, "etime": 1727331506007858, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51557, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331589396958, "etime": 1727331589396958, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51584, "dest_port": 8443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727331585220916, "etime": 1727331585220916, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51579, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331574392786, "etime": 1727331574392786, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51570, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331586252591, "etime": 1727331586252591, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51580, "dest_port": 8443, "protocol": "tls", "result": "Normal"}, {"stime": 1727331576424592, "etime": 1727331576424592, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51572, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727331590409190, "etime": 1727331590409190, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51585, "dest_port": 8443, "protocol": "tls", "result": "Godzilla"}]} 
[2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 17|max_alert: 1000 [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:35.864] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25073 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl?X-Amz-Expires=604800&X-Amz-Signature=e63fe657f06cd524e1892ada9053f94ccf98a7487147c992c75eda3c59130ad3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023034Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:35.864] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:39.869] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl|result:{"code": 1, "total_count": 53, "abnormal_count": 12, "normal_count": 41, "alert_count": 12, "timestamp": 1765362699867, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 
1727402883683705, "etime": 1727402883683705, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50845, "dest_port": 8843, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402811510590, "etime": 1727402811510590, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50831, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402872684306, "etime": 1727402872684306, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50834, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402899281630, "etime": 1727402899281630, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50865, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402886776738, "etime": 1727402886776738, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50849, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402908542364, "etime": 1727402908542364, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50876, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402908600832, "etime": 1727402908600832, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50877, "dest_port": 8843, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402911652228, "etime": 1727402911652228, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50880, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402912669648, "etime": 1727402912669648, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50881, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402871677159, "etime": 1727402871677159, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50833, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402895027025, "etime": 1727402895027025, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50859, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402906506033, "etime": 1727402906506033, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50874, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402881605473, "etime": 1727402881605473, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50842, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402902323981, "etime": 1727402902323981, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50868, "dest_port": 8843, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402902375930, "etime": 1727402902375930, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50869, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402906464718, "etime": 1727402906464718, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50873, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402892995506, "etime": 1727402892995506, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50857, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402897201261, "etime": 1727402897201261, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50862, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402907527271, "etime": 1727402907527271, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50875, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402912679438, "etime": 1727402912679438, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50882, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402903404031, "etime": 1727402903404031, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50870, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727402905449726, "etime": 1727402905449726, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50872, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402910636790, "etime": 1727402910636790, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50879, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402871527189, "etime": 1727402871527189, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50832, "dest_port": 8843, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402909620957, "etime": 1727402909620957, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50878, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402888855528, "etime": 1727402888855528, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50852, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402894012074, "etime": 1727402894012074, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50858, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402898214157, "etime": 1727402898214157, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50863, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402901308001, "etime": 1727402901308001, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50867, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402873701808, "etime": 1727402873701808, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50835, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402811470381, "etime": 1727402811470381, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50830, "dest_port": 8843, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727402887842746, "etime": 1727402887842746, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 50851, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402881644205, "etime": 1727402881644205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50843, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727402880574286, "etime": 1727402880574286, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50841, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402877464921, "etime": 1727402877464921, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50837, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402879496212, "etime": 1727402879496212, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50839, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402885762085, "etime": 1727402885762085, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50848, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402887793807, "etime": 1727402887793807, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50850, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402889873111, "etime": 1727402889873111, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50853, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402890886024, "etime": 1727402890886024, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50854, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402891918934, "etime": 1727402891918934, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50855, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402879551062, "etime": 1727402879551062, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50840, "dest_port": 8843, "protocol": "tls", "result": 
"Antsword"}, {"stime": 1727402897073980, "etime": 1727402897073980, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50861, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402899231497, "etime": 1727402899231497, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50864, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402900293000, "etime": 1727402900293000, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50866, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402878483101, "etime": 1727402878483101, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50838, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402904417731, "etime": 1727402904417731, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50871, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402891975026, "etime": 1727402891975026, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50856, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402883714526, "etime": 1727402883714526, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50846, "dest_port": 8843, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727402896058834, "etime": 1727402896058834, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50860, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402876450973, "etime": 1727402876450973, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50836, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727402882652170, "etime": 1727402882652170, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50844, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727402884731184, "etime": 1727402884731184, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50847, "dest_port": 8843, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 12|max_alert: 1000 [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:39.869] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26319 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T023038Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=3d4ccffe54d087b074698d2257e5d0087346edd2c997430f105814e2e93811b5&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:39.869] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:43.850] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl|result:{"code": 1, "total_count": 53, "abnormal_count": 11, "normal_count": 42, "alert_count": 11, 
"timestamp": 1765362703848, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727320098904146, "etime": 1727320098904146, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50675, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320099917547, "etime": 1727320099917547, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50676, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320102995249, "etime": 1727320102995249, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50679, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320060182890, "etime": 1727320060182890, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50635, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320093745713, "etime": 1727320093745713, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50669, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320081886189, "etime": 1727320081886189, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320096792257, "etime": 1727320096792257, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50672, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727320097886882, "etime": 1727320097886882, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50674, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320082901384, "etime": 1727320082901384, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50659, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320000152447, "etime": 1727320000152447, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50634, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727320064276957, "etime": 1727320064276957, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320069385756, "etime": 1727320069385756, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50644, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320070401241, "etime": 1727320070401241, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50645, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320076527653, "etime": 1727320076527653, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727320079839495, "etime": 1727320079839495, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50656, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320067323600, "etime": 1727320067323600, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50642, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320083995521, "etime": 1727320083995521, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320076734786, "etime": 1727320076734786, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50652, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727320092729776, "etime": 1727320092729776, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50668, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320000076551, "etime": 1727320000076551, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727320061199499, "etime": 1727320061199499, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "src_port": 50636, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320063247184, "etime": 1727320063247184, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320078824431, "etime": 1727320078824431, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50655, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727320094761314, "etime": 1727320094761314, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50670, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320082974313, "etime": 1727320082974313, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727320065291809, "etime": 1727320065291809, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50640, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320100933504, "etime": 1727320100933504, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50677, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320085011306, "etime": 1727320085011306, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320073464342, "etime": 1727320073464342, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320074479321, "etime": 1727320074479321, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320087073377, "etime": 1727320087073377, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50664, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727320101965201, "etime": 1727320101965201, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50678, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320086043943, "etime": 1727320086043943, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320105106429, "etime": 1727320105106429, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50682, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320104089602, "etime": 1727320104089602, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50681, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320066308364, "etime": 1727320066308364, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320106136019, "etime": 1727320106136019, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50683, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320107151682, "etime": 1727320107151682, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50684, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727320078760806, "etime": 1727320078760806, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727320075496007, "etime": 1727320075496007, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320062230506, "etime": 1727320062230506, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50637, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320068354703, "etime": 1727320068354703, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"src_port": 50643, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320089104525, "etime": 1727320089104525, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50666, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320103070041, "etime": 1727320103070041, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50680, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320095776821, "etime": 1727320095776821, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50671, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320107170677, "etime": 1727320107170677, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50685, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727320071432984, "etime": 1727320071432984, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50646, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320072448963, "etime": 1727320072448963, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50647, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320096875964, "etime": 1727320096875964, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50673, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727320077746064, "etime": 1727320077746064, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50653, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320080870461, "etime": 1727320080870461, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320088088967, "etime": 1727320088088967, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50665, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727320091717432, 
"etime": 1727320091717432, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50667, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 11|max_alert: 1000 [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:43.850] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25074 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl?X-Amz-Expires=604800&X-Amz-Signature=67ed37a1d6b7c7256edbc277e02f71e057528db1a7aed0a3e56c7f422f7df71b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023041Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:43.850] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:47.502] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl|result:{"code": 1, "total_count": 48, "abnormal_count": 1, "normal_count": 47, "alert_count": 1, 
"timestamp": 1765362707500, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727074834260427, "etime": 1727074834260427, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50186, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074845682246, "etime": 1727074845682246, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50197, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074860246711, "etime": 1727074860246711, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50211, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074765874796, "etime": 1727074765874796, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50177, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074852964994, "etime": 1727074852964994, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50204, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074857124243, "etime": 1727074857124243, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50208, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074872761517, "etime": 1727074872761517, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50223, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074826122240, "etime": 1727074826122240, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50179, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074872790186, "etime": 1727074872790186, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50224, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074862340259, "etime": 1727074862340259, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50213, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 
1727074847746500, "etime": 1727074847746500, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50199, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074846713405, "etime": 1727074846713405, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50198, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074850901735, "etime": 1727074850901735, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50202, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074835291750, "etime": 1727074835291750, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50187, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074840480206, "etime": 1727074840480206, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50192, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074856074677, "etime": 1727074856074677, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50207, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074830075953, "etime": 1727074830075953, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50182, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074863387495, "etime": 1727074863387495, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50214, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074864434769, "etime": 1727074864434769, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50215, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074865495529, "etime": 1727074865495529, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50216, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074870683128, "etime": 1727074870683128, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50221, 
"dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074841511448, "etime": 1727074841511448, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50193, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074848792834, "etime": 1727074848792834, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50200, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074842559329, "etime": 1727074842559329, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50194, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074829025950, "etime": 1727074829025950, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50181, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074763540506, "etime": 1727074763540506, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50176, "dest_port": 801, "protocol": "tls", "result": "Normal"}, {"stime": 1727074854011256, "etime": 1727074854011256, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50205, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074861292394, "etime": 1727074861292394, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50212, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074868590284, "etime": 1727074868590284, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50219, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074849854765, "etime": 1727074849854765, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50201, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074855042830, "etime": 1727074855042830, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50206, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074831120204, "etime": 1727074831120204, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50183, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074838401003, "etime": 1727074838401003, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50190, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074871715837, "etime": 1727074871715837, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50222, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074836339463, "etime": 1727074836339463, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50188, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074851934564, "etime": 1727074851934564, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50203, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074858167627, "etime": 1727074858167627, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50209, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074866527466, "etime": 1727074866527466, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50217, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074827975951, "etime": 1727074827975951, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50180, "dest_port": 4431, "protocol": "tls", "result": "Behinder"}, {"stime": 1727074832167133, "etime": 1727074832167133, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50184, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074867558797, "etime": 1727074867558797, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50218, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074869636512, "etime": 1727074869636512, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50220, "dest_port": 4431, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727074859213980, "etime": 1727074859213980, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50210, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074837370239, "etime": 1727074837370239, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50189, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074844651310, "etime": 1727074844651310, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50196, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074843604831, "etime": 1727074843604831, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50195, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074833215283, "etime": 1727074833215283, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50185, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727074839448954, "etime": 1727074839448954, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50191, "dest_port": 4431, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:47.502] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24666 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b3dba2b494f78f295abd9598eaad1fe19c0fb3483e2097b68dc186589e0089c9&X-Amz-Date=20251210T023044Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:47.502] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:49.761] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl|result:{"code": 1, "total_count": 30, "abnormal_count": 9, "normal_count": 21, "alert_count": 9, "timestamp": 1765362709760, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1730304949888359, "etime": 1730304949888359, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51028, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730304819850365, "etime": 1730304819850365, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51013, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, 
{"stime": 1730304759782505, "etime": 1730304759782505, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51007, "dest_port": 7777, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1730304879860497, "etime": 1730304879860497, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51021, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305010384296, "etime": 1730305010384296, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51045, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305033539227, "etime": 1730305033539227, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51051, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730304759835225, "etime": 1730304759835225, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51008, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305043695832, "etime": 1730305043695832, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51056, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730304969907455, "etime": 1730304969907455, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51031, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730304959898373, "etime": 1730304959898373, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51030, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305063939780, "etime": 1730305063939780, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51061, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730305023522040, "etime": 1730305023522040, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51049, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730305033631741, "etime": 1730305033631741, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", 
"src_port": 51052, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730304939875146, "etime": 1730304939875146, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51026, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305000361869, "etime": 1730305000361869, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51042, "dest_port": 7777, "protocol": "tls", "result": "Godzilla"}, {"stime": 1730304990008499, "etime": 1730304990008499, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51038, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305063719298, "etime": 1730305063719298, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51060, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305104067735, "etime": 1730305104067735, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51069, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730304969980612, "etime": 1730304969980612, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51033, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305104071857, "etime": 1730305104071857, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51070, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305053707761, "etime": 1730305053707761, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51058, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305073953196, "etime": 1730305073953196, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51062, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305000094694, "etime": 1730305000094694, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51041, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730304979995228, "etime": 
1730304979995228, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51034, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305020396361, "etime": 1730305020396361, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51047, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730304990075614, "etime": 1730304990075614, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51039, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730305077205235, "etime": 1730305077205235, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51063, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}, {"stime": 1730305043646197, "etime": 1730305043646197, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51055, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305087213229, "etime": 1730305087213229, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51065, "dest_port": 7777, "protocol": "tls", "result": "Normal"}, {"stime": 1730305094058057, "etime": 1730305094058057, "src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "src_port": 51067, "dest_port": 7777, "protocol": "tls", "result": "Antsword"}]} [2025-12-10 10:31:49.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 9|max_alert: 1000 [2025-12-10 10:31:49.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:49.761] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:49.762] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25075 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023047Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2b8eaedca2310b328d79e2c23bb57e8a14e1598c6e61226f3958a11de146242f&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:31:49.762] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:49.762] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:49.762] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:49.762] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:49.762] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:49.762] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:49.839] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362709838, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726283902711032, "etime": 1726283902711032, "src_ip": "10.0.4.15", "dest_ip": "111.53.218.171", "src_port": 3389, "dest_port": 6945, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:49.839] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:31:49.839] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24667 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f1891fa05713d614dc49cdeed82bb5d0d08c6263129caf67159e0b9d09ea73ad&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023050Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:31:49.839] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:49.839] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:49.839] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:49.839] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:49.839] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:49.839] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:52.802] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl|result:{"code": 1, "total_count": 39, "abnormal_count": 22, "normal_count": 17, "alert_count": 22, "timestamp": 1765362712801, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727321196683150, "etime": 1727321196683150, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50855, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321218135896, "etime": 1727321218135896, "src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50878, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321205393543, "etime": 1727321205393543, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50862, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321202341643, "etime": 1727321202341643, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50859, "dest_port": 8989, "protocol": "tls", "result": "Antsword"}, {"stime": 1727321214870746, "etime": 1727321214870746, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50874, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321217125953, "etime": 1727321217125953, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50877, "dest_port": 8989, "protocol": "tls", "result": "Antsword"}, {"stime": 1727321215901821, "etime": 1727321215901821, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50875, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321227423703, "etime": 1727321227423703, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50888, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321195667038, "etime": 1727321195667038, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50854, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321227449806, "etime": 1727321227449806, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50889, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321204370167, "etime": 1727321204370167, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50861, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321207541838, "etime": 1727321207541838, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50865, "dest_port": 8989, 
"protocol": "tls", "result": "Godzilla"}, {"stime": 1727321198729318, "etime": 1727321198729318, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50857, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321208636630, "etime": 1727321208636630, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50867, "dest_port": 8989, "protocol": "tls", "result": "Behinder"}, {"stime": 1727321210697970, "etime": 1727321210697970, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50869, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321212824228, "etime": 1727321212824228, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50872, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321225385898, "etime": 1727321225385898, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50886, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321219168567, "etime": 1727321219168567, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50879, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321226401235, "etime": 1727321226401235, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50887, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321216917608, "etime": 1727321216917608, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50876, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321224370815, "etime": 1727321224370815, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50885, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321194636091, "etime": 1727321194636091, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50853, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321208558795, "etime": 
1727321208558795, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50866, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321206448266, "etime": 1727321206448266, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50863, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321203354668, "etime": 1727321203354668, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50860, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321209667716, "etime": 1727321209667716, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50868, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321211803143, "etime": 1727321211803143, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50871, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321220198531, "etime": 1727321220198531, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50880, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321199745976, "etime": 1727321199745976, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50858, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321222244683, "etime": 1727321222244683, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50882, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321197714502, "etime": 1727321197714502, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50856, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321213855350, "etime": 1727321213855350, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50873, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321223260831, "etime": 1727321223260831, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 
50883, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321211714685, "etime": 1727321211714685, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50870, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321134607807, "etime": 1727321134607807, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50852, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321206530834, "etime": 1727321206530834, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50864, "dest_port": 8989, "protocol": "tls", "result": "Antsword"}, {"stime": 1727321223349040, "etime": 1727321223349040, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50884, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727321221214347, "etime": 1727321221214347, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50881, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727321134544413, "etime": 1727321134544413, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50851, "dest_port": 8989, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 22|max_alert: 1000 [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:52.802] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26320 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl?X-Amz-Date=20251210T023053Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1917a8409434b9c1703cf3b45c0347abaed8e8cc6c7dff81b491cf7e4e798538"} [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:52.802] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:55.578] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl|result:{"code": 1, "total_count": 37, "abnormal_count": 17, "normal_count": 20, "alert_count": 17, "timestamp": 1765362715577, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727318153589766, "etime": 1727318153589766, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50128, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318126122123, "etime": 1727318126122123, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50096, 
"dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318142075036, "etime": 1727318142075036, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50115, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318145167923, "etime": 1727318145167923, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50118, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318129195465, "etime": 1727318129195465, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50100, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318134886706, "etime": 1727318134886706, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50105, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318150534950, "etime": 1727318150534950, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50125, "dest_port": 8989, "protocol": "tls", "result": "Antsword"}, {"stime": 1727318135903364, "etime": 1727318135903364, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50106, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318127137208, "etime": 1727318127137208, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50098, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318150340728, "etime": 1727318150340728, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50124, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318138950114, "etime": 1727318138950114, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50110, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318156730606, "etime": 1727318156730606, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50133, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318128155714, 
"etime": 1727318128155714, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50099, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318144136799, "etime": 1727318144136799, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50117, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318149308949, "etime": 1727318149308949, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50123, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318151543583, "etime": 1727318151543583, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50126, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318136917770, "etime": 1727318136917770, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50107, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318066104711, "etime": 1727318066104711, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50085, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318139965644, "etime": 1727318139965644, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50112, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318066046688, "etime": 1727318066046688, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50084, "dest_port": 8989, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727318131827185, "etime": 1727318131827185, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50102, "dest_port": 8989, "protocol": "tls", "result": "Behinder"}, {"stime": 1727318140980953, "etime": 1727318140980953, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50113, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318146184023, "etime": 1727318146184023, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"src_port": 50119, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318146250199, "etime": 1727318146250199, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50120, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318157746651, "etime": 1727318157746651, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50134, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318143122542, "etime": 1727318143122542, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50116, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318137934198, "etime": 1727318137934198, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50108, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318153669587, "etime": 1727318153669587, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50129, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318155715421, "etime": 1727318155715421, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50132, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318141058883, "etime": 1727318141058883, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50114, "dest_port": 8989, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727318157756917, "etime": 1727318157756917, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50135, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318152559199, "etime": 1727318152559199, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50127, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318133870740, "etime": 1727318133870740, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50104, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727318148293210, "etime": 1727318148293210, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50122, "dest_port": 8989, "protocol": "tls", "result": "Normal"}, {"stime": 1727318154699248, "etime": 1727318154699248, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50131, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318147261972, "etime": 1727318147261972, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50121, "dest_port": 8989, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727318132856173, "etime": 1727318132856173, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 50103, "dest_port": 8989, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 17|max_alert: 1000 [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:31:55.578] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26321 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023057Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=241744615c6fbd0b8c018e753dfc7d6fa0683f144e7d54d834f3f6a6a1e8eee3"} [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:55.578] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:31:55.579] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:31:58.305] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl|result:{"code": 1, "total_count": 36, "abnormal_count": 8, "normal_count": 28, "alert_count": 8, "timestamp": 1765362718303, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727322514751810, "etime": 1727322514751810, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51271, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727322596151668, "etime": 1727322596151668, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51295, "dest_port": 443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727322601323736, "etime": 1727322601323736, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51301, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322580542891, "etime": 1727322580542891, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51277, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322595137737, "etime": 1727322595137737, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51294, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727322584840497, "etime": 1727322584840497, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51282, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322600309213, "etime": 1727322600309213, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322577501959, "etime": 1727322577501959, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51274, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727322588963769, "etime": 1727322588963769, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51287, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322592010826, "etime": 1727322592010826, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51290, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322599291691, "etime": 1727322599291691, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51299, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322583604974, "etime": 1727322583604974, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51280, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727322589979589, "etime": 1727322589979589, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51288, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322582588650, "etime": 1727322582588650, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51279, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322578511116, "etime": 1727322578511116, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51275, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322598198511, "etime": 1727322598198511, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51297, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727322597183384, "etime": 1727322597183384, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51296, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322593026691, "etime": 1727322593026691, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51291, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322574839952, "etime": 1727322574839952, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51273, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322581574128, "etime": 1727322581574128, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51278, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322585854379, "etime": 1727322585854379, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51283, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322579527444, "etime": 1727322579527444, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51276, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322586870773, "etime": 1727322586870773, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51284, "dest_port": 443, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727322605387647, "etime": 1727322605387647, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51305, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727322595058060, "etime": 1727322595058060, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51293, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322604370402, "etime": 1727322604370402, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322598273032, "etime": 1727322598273032, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51298, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322590995236, "etime": 1727322590995236, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51289, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322602339502, "etime": 1727322602339502, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51302, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322514816355, "etime": 1727322514816355, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51272, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322583827126, "etime": 1727322583827126, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51281, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727322587948889, "etime": 1727322587948889, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51286, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322586936740, "etime": 1727322586936740, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51285, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727322603355013, "etime": 1727322603355013, "src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51303, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322605406952, "etime": 1727322605406952, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51306, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727322594042027, "etime": 1727322594042027, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51292, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 8|max_alert: 1000 [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:31:58.305] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25076 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=73f521f3348974037c706b45696a13ac84e70339dfeb403016885018bd054546&X-Amz-Date=20251210T023100Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args 
for load [2025-12-10 10:31:58.305] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:02.989] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl|result:{"code": 1, "total_count": 62, "abnormal_count": 24, "normal_count": 38, "alert_count": 24, "timestamp": 1765362722988, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727407600626462, "etime": 1727407600626462, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49789, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407635320641, "etime": 1727407635320641, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49824, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407638378480, "etime": 1727407638378480, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49828, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407604233339, "etime": 1727407604233339, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49790, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727407614450969, "etime": 1727407614450969, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49804, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407609353567, "etime": 1727407609353567, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49797, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407634304712, "etime": 1727407634304712, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49823, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727407642450297, "etime": 1727407642450297, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49833, "dest_port": 8843, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727407645530878, "etime": 1727407645530878, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49837, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407641436214, "etime": 1727407641436214, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49832, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407629190245, "etime": 1727407629190245, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49817, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407625135533, "etime": 1727407625135533, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49813, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727407595563335, "etime": 1727407595563335, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49784, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727407606259147, "etime": 1727407606259147, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49792, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407647568252, "etime": 1727407647568252, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49839, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407618519725, "etime": 1727407618519725, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49808, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407610361104, "etime": 1727407610361104, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49798, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407622049509, "etime": 1727407622049509, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49809, "dest_port": 8843, "protocol": "tls", "result": "Antsword"}, {"stime": 1727407627161884, "etime": 1727407627161884, "src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49815, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407640421873, "etime": 1727407640421873, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49831, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407607303731, "etime": 1727407607303731, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49794, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407594480375, "etime": 1727407594480375, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49782, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407639408416, "etime": 1727407639408416, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49830, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407648581152, "etime": 1727407648581152, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49840, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407609331268, "etime": 1727407609331268, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49796, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407612404800, "etime": 1727407612404800, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49801, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407611374802, "etime": 1727407611374802, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49799, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407633262367, "etime": 1727407633262367, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49821, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407613418302, "etime": 1727407613418302, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49802, "dest_port": 8843, 
"protocol": "tls", "result": "Behinder"}, {"stime": 1727407611391621, "etime": 1727407611391621, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49800, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407636352279, "etime": 1727407636352279, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49826, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407534410295, "etime": 1727407534410295, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49780, "dest_port": 8843, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727407596571162, "etime": 1727407596571162, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49785, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407630204156, "etime": 1727407630204156, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49818, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407638396115, "etime": 1727407638396115, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49829, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407617505864, "etime": 1727407617505864, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49807, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407628176002, "etime": 1727407628176002, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49816, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407599612512, "etime": 1727407599612512, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49788, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407616476799, "etime": 1727407616476799, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49806, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407632247834, "etime": 
1727407632247834, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49820, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407534463177, "etime": 1727407534463177, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49781, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407615462789, "etime": 1727407615462789, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49805, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407646538028, "etime": 1727407646538028, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49838, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407634276157, "etime": 1727407634276157, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49822, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407597584279, "etime": 1727407597584279, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49786, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407645508096, "etime": 1727407645508096, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49836, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407637365476, "etime": 1727407637365476, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49827, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407605244566, "etime": 1727407605244566, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49791, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407614433007, "etime": 1727407614433007, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49803, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407643479872, "etime": 1727407643479872, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49834, 
"dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407626148174, "etime": 1727407626148174, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49814, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407595493899, "etime": 1727407595493899, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49783, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407625087519, "etime": 1727407625087519, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49812, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407644493895, "etime": 1727407644493895, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49835, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407606290041, "etime": 1727407606290041, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49793, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407636335162, "etime": 1727407636335162, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49825, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407648592070, "etime": 1727407648592070, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49841, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407598598966, "etime": 1727407598598966, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49787, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407631233788, "etime": 1727407631233788, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49819, "dest_port": 8843, "protocol": "tls", "result": "Behinder"}, {"stime": 1727407623059084, "etime": 1727407623059084, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49810, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407624073919, 
"etime": 1727407624073919, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49811, "dest_port": 8843, "protocol": "tls", "result": "Normal"}, {"stime": 1727407608317622, "etime": 1727407608317622, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49795, "dest_port": 8843, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 24|max_alert: 1000 [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:02.989] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24668 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023103Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=03180afc74019752ad3eec383e52d5788874c4f425020956737a34945f8a0f25"} [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:02.989] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:02.990] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:03.069] [DEBUG] 
[tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362723068, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726646047170840, "etime": 1726646047170840, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49307, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:03.069] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25077 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b9261f7d6907af4ad83003cddac128c85937af5f52b19d8b20fdc3e2b400444b&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023106Z&X-Amz-Expires=604800"} [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:03.069] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:03.069] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:11.261] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl|result:{"code": 0, "total_count": 109, "abnormal_count": 0, "normal_count": 109, "alert_count": 0, "timestamp": 1765362731259, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727407004972461, "etime": 1727407004972461, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49586, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406978981830, "etime": 1727406978981830, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49559, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407017138256, "etime": 1727407017138256, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49598, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406939341326, "etime": 1727406939341326, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49519, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406971821156, "etime": 1727406971821156, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49551, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406984066936, "etime": 1727406984066936, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49565, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406879336359, "etime": 1727406879336359, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49518, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406958638216, "etime": 1727406958638216, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 
49538, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406995783453, "etime": 1727406995783453, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49574, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407015110704, "etime": 1727407015110704, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49596, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406967764280, "etime": 1727406967764280, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49547, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406987108477, "etime": 1727406987108477, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49568, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406976890582, "etime": 1727406976890582, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49556, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406982023749, "etime": 1727406982023749, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49562, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407004955069, "etime": 1727407004955069, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49585, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407009026692, "etime": 1727407009026692, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49590, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406949512429, "etime": 1727406949512429, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49529, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407012068456, "etime": 1727407012068456, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49593, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407018171921, 
"etime": 1727407018171921, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49600, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407026311522, "etime": 1727407026311522, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49609, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407029368823, "etime": 1727407029368823, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49613, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407029411488, "etime": 1727407029411488, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49614, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407032442196, "etime": 1727407032442196, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49617, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407041139764, "etime": 1727407041139764, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49625, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406968779701, "etime": 1727406968779701, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49548, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406955596587, "etime": 1727406955596587, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49535, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406947484195, "etime": 1727406947484195, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49527, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406982043051, "etime": 1727406982043051, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49563, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406945440986, "etime": 1727406945440986, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 
49525, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407008012966, "etime": 1727407008012966, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49589, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407038080015, "etime": 1727407038080015, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49620, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406976955611, "etime": 1727406976955611, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49557, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407003940904, "etime": 1727407003940904, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49584, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406948498310, "etime": 1727406948498310, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49528, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406953568453, "etime": 1727406953568453, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49533, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406988122528, "etime": 1727406988122528, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49569, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407011054504, "etime": 1727407011054504, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49592, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407041131718, "etime": 1727407041131718, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49624, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406999869971, "etime": 1727406999869971, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49579, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407022224722, 
"etime": 1727407022224722, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49604, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406952554772, "etime": 1727406952554772, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49532, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407039105194, "etime": 1727407039105194, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49622, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407000883336, "etime": 1727407000883336, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49580, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407021210879, "etime": 1727407021210879, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49603, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407027341342, "etime": 1727407027341342, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49611, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406989136598, "etime": 1727406989136598, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49570, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406944426887, "etime": 1727406944426887, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49524, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406962694242, "etime": 1727406962694242, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49542, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406940371019, "etime": 1727406940371019, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49520, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406994771208, "etime": 1727406994771208, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 
49573, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407013082823, "etime": 1727407013082823, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49594, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406972834513, "etime": 1727406972834513, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49552, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406957624761, "etime": 1727406957624761, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49537, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407002926031, "etime": 1727407002926031, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49583, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406963708959, "etime": 1727406963708959, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49543, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407019182574, "etime": 1727407019182574, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49601, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407023239099, "etime": 1727407023239099, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49605, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406941384813, "etime": 1727406941384813, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49521, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406879324061, "etime": 1727406879324061, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49517, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406981008835, "etime": 1727406981008835, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49561, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406977967492, 
"etime": 1727406977967492, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49558, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406973848648, "etime": 1727406973848648, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49553, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407025297208, "etime": 1727407025297208, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49608, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407016124983, "etime": 1727407016124983, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49597, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407026328530, "etime": 1727407026328530, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49610, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407031428386, "etime": 1727407031428386, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49616, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406946469541, "etime": 1727406946469541, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49526, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406985080393, "etime": 1727406985080393, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49566, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406950526167, "etime": 1727406950526167, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49530, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406993762503, "etime": 1727406993762503, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49572, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407010040583, "etime": 1727407010040583, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 
49591, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407024252720, "etime": 1727407024252720, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49606, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406956610473, "etime": 1727406956610473, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49536, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406983052271, "etime": 1727406983052271, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49564, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406966750682, "etime": 1727406966750682, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49546, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407024282700, "etime": 1727407024282700, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49607, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406954582396, "etime": 1727406954582396, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49534, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407002911465, "etime": 1727407002911465, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49582, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407033456288, "etime": 1727407033456288, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49618, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406965736736, "etime": 1727406965736736, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49545, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406969792621, "etime": 1727406969792621, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49549, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406974862320, 
"etime": 1727406974862320, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49554, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406975876917, "etime": 1727406975876917, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49555, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406997810289, "etime": 1727406997810289, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49576, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407018152460, "etime": 1727407018152460, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49599, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406960667101, "etime": 1727406960667101, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49540, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407020196540, "etime": 1727407020196540, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49602, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407030414230, "etime": 1727407030414230, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49615, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406986094422, "etime": 1727406986094422, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49567, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406990150401, "etime": 1727406990150401, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49571, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407040117322, "etime": 1727407040117322, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49623, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406996796337, "etime": 1727406996796337, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 
49575, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406943412692, "etime": 1727406943412692, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49523, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406998824087, "etime": 1727406998824087, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49577, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407028356331, "etime": 1727407028356331, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49612, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407005984593, "etime": 1727407005984593, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49587, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406999838285, "etime": 1727406999838285, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49578, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406970806468, "etime": 1727406970806468, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49550, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407014096405, "etime": 1727407014096405, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49595, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407034470275, "etime": 1727407034470275, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49619, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407001897566, "etime": 1727407001897566, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49581, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407006998527, "etime": 1727407006998527, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49588, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407039087737, 
"etime": 1727407039087737, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49621, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406961680540, "etime": 1727406961680540, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49541, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406959653081, "etime": 1727406959653081, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49539, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406951540562, "etime": 1727406951540562, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49531, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406979995227, "etime": 1727406979995227, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49560, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406942398829, "etime": 1727406942398829, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49522, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727406964722924, "etime": 1727406964722924, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49544, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:11.261] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:32:11.261] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24669 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023109Z&X-Amz-Signature=2620ff3c1fc239853b14dd3a89abb48b0a9e84ff1f9af6872a68971ed3b8b6d7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:32:11.261] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:11.261] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:11.261] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:11.261] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:11.261] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:11.262] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:15.045] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl|result:{"code": 1, "total_count": 50, "abnormal_count": 1, "normal_count": 49, "alert_count": 1, "timestamp": 1765362735043, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727153343899471, "etime": 1727153343899471, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55762, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153322359550, "etime": 1727153322359550, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55740, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153333656576, "etime": 1727153333656576, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55751, "dest_port": 9443, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727153346985828, "etime": 1727153346985828, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55765, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153351115206, "etime": 1727153351115206, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55769, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153353174214, "etime": 1727153353174214, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55771, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153358317675, "etime": 1727153358317675, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55776, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153360375131, "etime": 1727153360375131, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55778, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153363445721, "etime": 1727153363445721, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55781, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153364469442, "etime": 1727153364469442, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55782, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153365502443, "etime": 1727153365502443, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55783, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153341844273, "etime": 1727153341844273, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55760, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153324397735, "etime": 1727153324397735, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55742, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153355240124, "etime": 1727153355240124, "src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "src_port": 55773, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153329557003, "etime": 1727153329557003, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55747, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153331623225, "etime": 1727153331623225, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55749, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153332645621, "etime": 1727153332645621, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55750, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153336713426, "etime": 1727153336713426, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55754, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153344914074, "etime": 1727153344914074, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55763, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153337732620, "etime": 1727153337732620, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55755, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153342873856, "etime": 1727153342873856, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55761, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153254859530, "etime": 1727153254859530, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55734, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153359343115, "etime": 1727153359343115, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55777, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153252243740, "etime": 1727153252243740, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55733, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727153323381759, "etime": 1727153323381759, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55741, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153362423359, "etime": 1727153362423359, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55780, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153327493111, "etime": 1727153327493111, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55745, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153354200890, "etime": 1727153354200890, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55772, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153321309719, "etime": 1727153321309719, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55739, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153320283205, "etime": 1727153320283205, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55738, "dest_port": 9443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727153326457400, "etime": 1727153326457400, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55744, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153345951943, "etime": 1727153345951943, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55764, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153366545028, "etime": 1727153366545028, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55784, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153339797533, "etime": 1727153339797533, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55757, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153350084956, "etime": 1727153350084956, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 
55768, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153352147992, "etime": 1727153352147992, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55770, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153366552220, "etime": 1727153366552220, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55785, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153349051461, "etime": 1727153349051461, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55767, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153325432656, "etime": 1727153325432656, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55743, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153357288042, "etime": 1727153357288042, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55775, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153356264385, "etime": 1727153356264385, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55774, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153330580201, "etime": 1727153330580201, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55748, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153335698495, "etime": 1727153335698495, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55753, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153340816684, "etime": 1727153340816684, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55758, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153361394648, "etime": 1727153361394648, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55779, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153348012770, "etime": 
1727153348012770, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55766, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153314929332, "etime": 1727153314929332, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55737, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153328517493, "etime": 1727153328517493, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55746, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153334666239, "etime": 1727153334666239, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55752, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153338756442, "etime": 1727153338756442, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55756, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:32:15.045] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25078 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023112Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b9c57702980101afb6d0a439219e2cdd8db929077f314d5cb5b740eea18f03d3"} [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:15.045] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:19.404] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl|result:{"code": 1, "total_count": 58, "abnormal_count": 18, "normal_count": 40, "alert_count": 18, "timestamp": 1765362739402, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727406736167053, "etime": 1727406736167053, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49468, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406758116454, "etime": 1727406758116454, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49491, "dest_port": 443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727406756087515, "etime": 1727406756087515, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49489, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406762254659, "etime": 1727406762254659, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49497, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406778958045, "etime": 1727406778958045, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49511, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406669686923, "etime": 1727406669686923, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49458, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727406782046464, "etime": 1727406782046464, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49516, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406737180636, "etime": 1727406737180636, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49469, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406782030390, "etime": 1727406782030390, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49515, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406746867970, "etime": 1727406746867970, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406778980955, "etime": 1727406778980955, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49512, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406767335178, "etime": 1727406767335178, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49502, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406754029099, "etime": 1727406754029099, 
"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49486, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406779987621, "etime": 1727406779987621, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49513, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406747897995, "etime": 1727406747897995, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406759146065, "etime": 1727406759146065, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49492, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406742797903, "etime": 1727406742797903, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49473, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406744824773, "etime": 1727406744824773, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406669967219, "etime": 1727406669967219, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49460, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406750939574, "etime": 1727406750939574, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49482, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406761220761, "etime": 1727406761220761, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406759197833, "etime": 1727406759197833, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49493, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727406731018645, "etime": 1727406731018645, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49462, "dest_port": 443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727406768350195, "etime": 1727406768350195, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49503, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406769363678, "etime": 1727406769363678, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49504, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406770377473, "etime": 1727406770377473, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49505, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406735152900, "etime": 1727406735152900, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49467, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406754046655, "etime": 1727406754046655, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49487, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727406771392038, "etime": 1727406771392038, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49506, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406729989085, "etime": 1727406729989085, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406746885578, "etime": 1727406746885578, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49478, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406732102910, "etime": 1727406732102910, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49464, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727406776929131, "etime": 1727406776929131, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49509, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406757101921, "etime": 1727406757101921, 
"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406774891672, "etime": 1727406774891672, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49507, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727406734139239, "etime": 1727406734139239, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49466, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406752983134, "etime": 1727406752983134, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49484, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406753016919, "etime": 1727406753016919, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49485, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727406781016537, "etime": 1727406781016537, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49514, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406732032803, "etime": 1727406732032803, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49463, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406743810719, "etime": 1727406743810719, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406751969633, "etime": 1727406751969633, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49483, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406760206550, "etime": 1727406760206550, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406764293641, "etime": 1727406764293641, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49499, "dest_port": 443, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727406765307562, "etime": 1727406765307562, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49500, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406762234859, "etime": 1727406762234859, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49496, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406740746821, "etime": 1727406740746821, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49470, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727406745854869, "etime": 1727406745854869, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49476, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406777943566, "etime": 1727406777943566, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49510, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406733125390, "etime": 1727406733125390, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49465, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406749925797, "etime": 1727406749925797, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49481, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406748912276, "etime": 1727406748912276, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406755058768, "etime": 1727406755058768, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49488, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406763279335, "etime": 1727406763279335, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49498, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406741751826, "etime": 1727406741751826, "src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406775915694, "etime": 1727406775915694, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727406741780759, "etime": 1727406741780759, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49472, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727406766321747, "etime": 1727406766321747, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49501, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 18|max_alert: 1000 [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:32:19.404] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24670 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023116Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=74e940af7d1b67cc2a8acefbe48b39b9b37ba5b02a320a7429ded8ef5bffe921&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:19.404] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:19.481] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362739480, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645925627936, "etime": 1726645925627936, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49306, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 
[2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:19.481] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26322 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023119Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9688bd0686d3f31361b5cfa5df67f504dc0b2ce60de427aa5109ee770763a737&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:19.481] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:19.560] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362739559, "module": "anquanchu", "proto": 
"tls", "alerted": true, "details": [{"stime": 1726645925627936, "etime": 1726645925627936, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49306, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:19.560] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24671 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023122Z&X-Amz-SignedHeaders=host&X-Amz-Signature=aeafb9021326ae17c2aff99fd51e7c8b8265a48ddb5cd43b0f1cfc8d6e57e036"} [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:19.560] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:19.639] [DEBUG] [tid:127829042783936] 
(AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362739638, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726646047170840, "etime": 1726646047170840, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49307, "dest_port": 50050, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:19.639] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26323 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023125Z&X-Amz-Signature=b1864575f96a3d309bd511cae209113bbf182b3c78a220e04c864a33d18e20f8"} [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:19.639] [INFO] 
[tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:19.639] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:28.573] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl|result:{"code": 0, "total_count": 116, "abnormal_count": 0, "normal_count": 116, "alert_count": 0, "timestamp": 1765362748570, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727056679242188, "etime": 1727056679242188, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57773, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056695883299, "etime": 1727056695883299, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57789, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056749160268, "etime": 1727056749160268, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57843, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056700021099, "etime": 1727056700021099, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57793, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056661267265, "etime": 1727056661267265, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57755, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056660226728, "etime": 1727056660226728, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57754, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056667462438, "etime": 1727056667462438, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57761, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056736519309, "etime": 1727056736519309, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57828, "dest_port": 8888, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727056742841755, "etime": 1727056742841755, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57835, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056651914079, "etime": 1727056651914079, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57746, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056733265481, "etime": 1727056733265481, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57825, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056643482821, "etime": 1727056643482821, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57738, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056689706805, "etime": 1727056689706805, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57783, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056743875247, "etime": 1727056743875247, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57836, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056668496516, "etime": 1727056668496516, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57762, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056671980344, "etime": 1727056671980344, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57766, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056678208190, "etime": 1727056678208190, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57772, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056659178774, "etime": 1727056659178774, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57753, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056693813780, "etime": 1727056693813780, "src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57787, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056746049247, "etime": 1727056746049247, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57840, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056645537502, "etime": 1727056645537502, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57740, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056652943478, "etime": 1727056652943478, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57747, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056724749214, "etime": 1727056724749214, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57816, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056719521023, "etime": 1727056719521023, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57811, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056656051911, "etime": 1727056656051911, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57750, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056744980908, "etime": 1727056744980908, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57838, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056728973369, "etime": 1727056728973369, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57820, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056720553484, "etime": 1727056720553484, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57812, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056690741674, "etime": 1727056690741674, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57784, "dest_port": 8888, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727056748118286, "etime": 1727056748118286, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57842, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056757592660, "etime": 1727056757592660, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57851, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056740723798, "etime": 1727056740723798, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57832, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056723667846, "etime": 1727056723667846, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57815, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056726843499, "etime": 1727056726843499, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57818, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056666421046, "etime": 1727056666421046, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57760, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056670954848, "etime": 1727056670954848, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57765, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056727911677, "etime": 1727056727911677, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57819, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056753369612, "etime": 1727056753369612, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57847, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056687606743, "etime": 1727056687606743, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57781, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056713313779, "etime": 1727056713313779, "src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "src_port": 57804, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056709125142, "etime": 1727056709125142, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57799, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056682418301, "etime": 1727056682418301, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57776, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056704963098, "etime": 1727056704963098, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57795, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056643029452, "etime": 1727056643029452, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57737, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056746013639, "etime": 1727056746013639, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57839, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056655013728, "etime": 1727056655013728, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57749, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056692790171, "etime": 1727056692790171, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57786, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056721582003, "etime": 1727056721582003, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57813, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056722619749, "etime": 1727056722619749, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57814, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056657101006, "etime": 1727056657101006, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57751, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 
1727056658141878, "etime": 1727056658141878, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57752, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056653977586, "etime": 1727056653977586, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57748, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056715384726, "etime": 1727056715384726, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57806, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056648645783, "etime": 1727056648645783, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57743, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056758656511, "etime": 1727056758656511, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57853, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056669538796, "etime": 1727056669538796, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57763, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056680351291, "etime": 1727056680351291, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57774, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056730044729, "etime": 1727056730044729, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57821, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056691768464, "etime": 1727056691768464, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57785, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056703930527, "etime": 1727056703930527, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57794, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056708084335, "etime": 1727056708084335, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57798, 
"dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056744931987, "etime": 1727056744931987, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57837, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056750202630, "etime": 1727056750202630, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57844, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056683457144, "etime": 1727056683457144, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57777, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056735460837, "etime": 1727056735460837, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57827, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056681376763, "etime": 1727056681376763, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57775, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056582972957, "etime": 1727056582972957, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57734, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056742814133, "etime": 1727056742814133, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57834, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056582923821, "etime": 1727056582923821, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57733, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056677167966, "etime": 1727056677167966, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57771, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056664371351, "etime": 1727056664371351, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57758, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056649688246, "etime": 1727056649688246, 
"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57744, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056669920496, "etime": 1727056669920496, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57764, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056675071404, "etime": 1727056675071404, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57769, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056707046026, "etime": 1727056707046026, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57797, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056663332577, "etime": 1727056663332577, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57757, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056737581004, "etime": 1727056737581004, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57829, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056676129859, "etime": 1727056676129859, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57770, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056716421435, "etime": 1727056716421435, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57807, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056714352028, "etime": 1727056714352028, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57805, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056741772446, "etime": 1727056741772446, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57833, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056758627353, "etime": 1727056758627353, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57852, "dest_port": 8888, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727056644509074, "etime": 1727056644509074, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57739, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056712267148, "etime": 1727056712267148, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57803, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056710178620, "etime": 1727056710178620, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57800, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056755460630, "etime": 1727056755460630, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57849, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056711217952, "etime": 1727056711217952, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57801, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056752324989, "etime": 1727056752324989, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57846, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056756512672, "etime": 1727056756512672, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57850, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056650840091, "etime": 1727056650840091, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57745, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056673007648, "etime": 1727056673007648, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57767, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056698980098, "etime": 1727056698980098, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57792, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056717453412, "etime": 1727056717453412, "src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "src_port": 57809, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056747088587, "etime": 1727056747088587, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57841, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056732205720, "etime": 1727056732205720, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57824, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056685536131, "etime": 1727056685536131, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57779, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056705995723, "etime": 1727056705995723, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57796, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056738636558, "etime": 1727056738636558, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57830, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056646572575, "etime": 1727056646572575, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57741, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056751258441, "etime": 1727056751258441, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57845, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056674036400, "etime": 1727056674036400, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57768, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056647606635, "etime": 1727056647606635, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57742, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056662300648, "etime": 1727056662300648, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57756, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 
1727056697931980, "etime": 1727056697931980, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57791, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056684502363, "etime": 1727056684502363, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57778, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056696906008, "etime": 1727056696906008, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57790, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056665406586, "etime": 1727056665406586, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57759, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056725797678, "etime": 1727056725797678, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57817, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056734430440, "etime": 1727056734430440, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57826, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056686582593, "etime": 1727056686582593, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57780, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056688653859, "etime": 1727056688653859, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57782, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056718488241, "etime": 1727056718488241, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57810, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056731137056, "etime": 1727056731137056, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57822, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056694844937, "etime": 1727056694844937, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57788, 
"dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056754417973, "etime": 1727056754417973, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57848, "dest_port": 8888, "protocol": "tls", "result": "Normal"}, {"stime": 1727056739690030, "etime": 1727056739690030, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 57831, "dest_port": 8888, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:28.573] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:32:28.573] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25079 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023128Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=20b8ec515415c6b3903b50d20a53b96a9d033e4ad6c9139c1f413e5c6d2391ce"} [2025-12-10 10:32:28.573] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:28.573] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:28.573] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:28.573] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:28.573] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:28.573] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:32.611] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl|result:{"code": 1, 
"total_count": 53, "abnormal_count": 2, "normal_count": 51, "alert_count": 2, "timestamp": 1765362752610, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727149479704024, "etime": 1727149479704024, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149474556279, "etime": 1727149474556279, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55311, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149462280909, "etime": 1727149462280909, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55298, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149508924965, "etime": 1727149508924965, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55359, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149475584890, "etime": 1727149475584890, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149461260090, "etime": 1727149461260090, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149499265435, "etime": 1727149499265435, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55336, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149482806997, "etime": 1727149482806997, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55319, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149467375789, "etime": 1727149467375789, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55303, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149465339427, "etime": 1727149465339427, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55301, "dest_port": 
443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149477649501, "etime": 1727149477649501, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55314, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149490037709, "etime": 1727149490037709, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55326, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149458180430, "etime": 1727149458180430, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55294, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727149460230855, "etime": 1727149460230855, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55296, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149459204617, "etime": 1727149459204617, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55295, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149480752469, "etime": 1727149480752469, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55317, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149487954670, "etime": 1727149487954670, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55324, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149491070601, "etime": 1727149491070601, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55327, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149493103882, "etime": 1727149493103882, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55329, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149463311536, "etime": 1727149463311536, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55299, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149472494879, "etime": 1727149472494879, "src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149396312916, "etime": 1727149396312916, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55280, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149481781104, "etime": 1727149481781104, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149496179892, "etime": 1727149496179892, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55332, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149497204297, "etime": 1727149497204297, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149500299546, "etime": 1727149500299546, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55338, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149483832189, "etime": 1727149483832189, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55320, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149504816209, "etime": 1727149504816209, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55354, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727149470454453, "etime": 1727149470454453, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149478675979, "etime": 1727149478675979, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149468389112, "etime": 1727149468389112, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727149506873149, "etime": 1727149506873149, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149473531900, "etime": 1727149473531900, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55310, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149509952312, "etime": 1727149509952312, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55360, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149485896877, "etime": 1727149485896877, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55322, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149507894214, "etime": 1727149507894214, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149510972390, "etime": 1727149510972390, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55361, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149464326283, "etime": 1727149464326283, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149511004316, "etime": 1727149511004316, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149393725445, "etime": 1727149393725445, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55278, "dest_port": 801, "protocol": "tls", "result": "Normal"}, {"stime": 1727149466350916, "etime": 1727149466350916, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55302, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149488985741, "etime": 1727149488985741, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55325, 
"dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149498237397, "etime": 1727149498237397, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55335, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149505843847, "etime": 1727149505843847, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149494132878, "etime": 1727149494132878, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55330, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149495153070, "etime": 1727149495153070, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55331, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149476614232, "etime": 1727149476614232, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55313, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149484865433, "etime": 1727149484865433, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149456367800, "etime": 1727149456367800, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55292, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149486925811, "etime": 1727149486925811, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55323, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149492089749, "etime": 1727149492089749, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55328, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149469417515, "etime": 1727149469417515, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55306, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727149471475391, "etime": 1727149471475391, "src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55308, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:32.611] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:32.612] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26324 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023131Z&X-Amz-Expires=604800&X-Amz-Signature=a2028078a807ee3ca9d10434cb72b391f0e42acab17be8b465edca94f2dae7df&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:32.612] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:35.195] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl|result:{"code": 1, "total_count": 34, "abnormal_count": 1, "normal_count": 33, "alert_count": 1, "timestamp": 1765362755194, 
"module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727153916210460, "etime": 1727153916210460, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49411, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153936147831, "etime": 1727153936147831, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49432, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153930898829, "etime": 1727153930898829, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49426, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153919365985, "etime": 1727153919365985, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49414, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153932992515, "etime": 1727153932992515, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49428, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153923508381, "etime": 1727153923508381, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49418, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153938227753, "etime": 1727153938227753, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49434, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153917272929, "etime": 1727153917272929, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49412, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153920398069, "etime": 1727153920398069, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49415, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153931946271, "etime": 1727153931946271, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49427, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153927772704, "etime": 
1727153927772704, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49423, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153925673197, "etime": 1727153925673197, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49421, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153926727134, "etime": 1727153926727134, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49422, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153918320298, "etime": 1727153918320298, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49413, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153921445578, "etime": 1727153921445578, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49416, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153849397824, "etime": 1727153849397824, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49403, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153909960947, "etime": 1727153909960947, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49405, "dest_port": 9443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727153925616871, "etime": 1727153925616871, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49420, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153911007191, "etime": 1727153911007191, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49406, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153922475849, "etime": 1727153922475849, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49417, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153915178797, "etime": 1727153915178797, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49410, "dest_port": 9443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727153914148495, "etime": 1727153914148495, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49409, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153934069321, "etime": 1727153934069321, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49430, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153937194583, "etime": 1727153937194583, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49433, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153913100913, "etime": 1727153913100913, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49408, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153912053778, "etime": 1727153912053778, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49407, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153909461148, "etime": 1727153909461148, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49404, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153935101457, "etime": 1727153935101457, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49431, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153929866690, "etime": 1727153929866690, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49425, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153928820871, "etime": 1727153928820871, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49424, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153924556229, "etime": 1727153924556229, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49419, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153847453856, "etime": 1727153847453856, "src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49402, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727153938275898, "etime": 1727153938275898, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49435, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153933043490, "etime": 1727153933043490, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49429, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:35.195] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26325 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a64682e652205fd4f2dd2b58a0bc6d5548edd4de31770fa98db30a7387faf392&X-Amz-Date=20251210T023134Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:35.195] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:35.195] [INFO] 
[tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:38.166] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl|result:{"code": 1, "total_count": 39, "abnormal_count": 2, "normal_count": 37, "alert_count": 2, "timestamp": 1765362758164, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727154730528188, "etime": 1727154730528188, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50125, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154740761734, "etime": 1727154740761734, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50135, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154717973043, "etime": 1727154717973043, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50114, "dest_port": 9443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727154744162453, "etime": 1727154744162453, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50138, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154750995703, "etime": 1727154750995703, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50144, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154655886937, "etime": 1727154655886937, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50111, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154735067990, "etime": 1727154735067990, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50130, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154738484222, "etime": 1727154738484222, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50133, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154752307167, "etime": 1727154752307167, "src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50146, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154737345373, "etime": 1727154737345373, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50132, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154728236108, "etime": 1727154728236108, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50123, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154720248999, "etime": 1727154720248999, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50116, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154716270081, "etime": 1727154716270081, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50113, "dest_port": 9443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727154736206932, "etime": 1727154736206932, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50131, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154755722764, "etime": 1727154755722764, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50149, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154755851395, "etime": 1727154755851395, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50150, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154754584030, "etime": 1727154754584030, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50148, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154727096389, "etime": 1727154727096389, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50122, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154747579534, "etime": 1727154747579534, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50141, "dest_port": 9443, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727154731667570, "etime": 1727154731667570, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50126, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154753445311, "etime": 1727154753445311, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50147, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154745302297, "etime": 1727154745302297, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50139, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154725958030, "etime": 1727154725958030, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50121, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154741900838, "etime": 1727154741900838, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50136, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154724819806, "etime": 1727154724819806, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50120, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154729390066, "etime": 1727154729390066, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50124, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154653546974, "etime": 1727154653546974, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50110, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727154733929298, "etime": 1727154733929298, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50128, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154723683131, "etime": 1727154723683131, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50119, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154722525396, "etime": 1727154722525396, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", 
"src_port": 50118, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154748717591, "etime": 1727154748717591, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50142, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154746441116, "etime": 1727154746441116, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50140, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154749857229, "etime": 1727154749857229, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50143, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154751155453, "etime": 1727154751155453, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50145, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154743024909, "etime": 1727154743024909, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50137, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154719111249, "etime": 1727154719111249, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50115, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154732790286, "etime": 1727154732790286, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50127, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154739623579, "etime": 1727154739623579, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50134, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727154721386491, "etime": 1727154721386491, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "src_port": 50117, "dest_port": 9443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:38.166] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24672 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T023138Z&X-Amz-SignedHeaders=host&X-Amz-Signature=58b41444332de43d1b2c6ca5631a0012be4e5eea51befe619302859c5fdf2a3c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:38.166] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:45.486] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl|result:{"code": 0, "total_count": 96, "abnormal_count": 0, "normal_count": 96, "alert_count": 0, "timestamp": 1765362765484, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727401157681151, "etime": 1727401157681151, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50238, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401172054501, "etime": 1727401172054501, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50254, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401095498631, "etime": 1727401095498631, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50234, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401165882688, "etime": 1727401165882688, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50247, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401173071646, "etime": 1727401173071646, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50255, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401177148407, "etime": 1727401177148407, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50259, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401193210586, "etime": 1727401193210586, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50275, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401196294948, "etime": 1727401196294948, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50279, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401203476406, "etime": 1727401203476406, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50287, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401222976503, "etime": 1727401222976503, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50309, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401233376406, "etime": 1727401233376406, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50322, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401209680332, "etime": 1727401209680332, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50295, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727401227088027, "etime": 1727401227088027, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50314, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401166898847, "etime": 1727401166898847, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50248, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401200429447, "etime": 1727401200429447, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50284, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401238464777, "etime": 1727401238464777, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50328, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401215820788, "etime": 1727401215820788, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50302, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401208667519, "etime": 1727401208667519, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50294, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401195242285, "etime": 1727401195242285, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50277, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401214805537, "etime": 1727401214805537, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50301, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401225063377, "etime": 1727401225063377, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50312, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401201445423, "etime": 1727401201445423, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50285, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401207602131, "etime": 1727401207602131, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50292, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401199351530, "etime": 1727401199351530, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50282, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401162847666, "etime": 1727401162847666, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50244, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401198335709, "etime": 1727401198335709, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50281, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401230148779, "etime": 1727401230148779, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50317, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401234382584, "etime": 1727401234382584, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50323, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401190117109, "etime": 1727401190117109, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50271, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401164867296, "etime": 1727401164867296, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50246, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401174086502, "etime": 1727401174086502, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50256, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401179179687, "etime": 1727401179179687, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50261, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401205507715, "etime": 1727401205507715, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50289, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727401182226571, "etime": 1727401182226571, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50264, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401160749292, "etime": 1727401160749292, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50241, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401161773973, "etime": 1727401161773973, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50242, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401163851811, "etime": 1727401163851811, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50245, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401169945145, "etime": 1727401169945145, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50251, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401189101257, "etime": 1727401189101257, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50270, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401194227045, "etime": 1727401194227045, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50276, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401206585685, "etime": 1727401206585685, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50291, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401159710859, "etime": 1727401159710859, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50240, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401162791058, "etime": 1727401162791058, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50243, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401178164621, "etime": 1727401178164621, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 
50260, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401218900042, "etime": 1727401218900042, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50305, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401223992262, "etime": 1727401223992262, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50310, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401156523172, "etime": 1727401156523172, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50236, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401237446230, "etime": 1727401237446230, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50326, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401220946314, "etime": 1727401220946314, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50307, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401158697920, "etime": 1727401158697920, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50239, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401192195649, "etime": 1727401192195649, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50274, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401213773441, "etime": 1727401213773441, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50300, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401226070544, "etime": 1727401226070544, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50313, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401191179477, "etime": 1727401191179477, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50273, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401171037737, "etime": 1727401171037737, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50253, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401187039149, "etime": 1727401187039149, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50267, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401181211115, "etime": 1727401181211115, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50263, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401188054690, "etime": 1727401188054690, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50268, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401210736931, "etime": 1727401210736931, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50297, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401204492407, "etime": 1727401204492407, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50288, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401230283000, "etime": 1727401230283000, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50318, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401186034323, "etime": 1727401186034323, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50266, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401197304652, "etime": 1727401197304652, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50280, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401199408145, "etime": 1727401199408145, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50283, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401188098529, "etime": 1727401188098529, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50269, "dest_port": 80, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727401231289228, "etime": 1727401231289228, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50319, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401170977742, "etime": 1727401170977742, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50252, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401202461561, "etime": 1727401202461561, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50286, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401208634452, "etime": 1727401208634452, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50293, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401229133252, "etime": 1727401229133252, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50316, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401232305213, "etime": 1727401232305213, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50320, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401236414448, "etime": 1727401236414448, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50325, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401155507776, "etime": 1727401155507776, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50235, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401233320651, "etime": 1727401233320651, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50321, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401238460845, "etime": 1727401238460845, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50327, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401183241980, "etime": 1727401183241980, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50265, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401216853063, "etime": 1727401216853063, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50303, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401210695335, "etime": 1727401210695335, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50296, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401212760778, "etime": 1727401212760778, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50299, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401095480004, "etime": 1727401095480004, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50233, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401176132839, "etime": 1727401176132839, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50258, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401168931633, "etime": 1727401168931633, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50250, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401191132495, "etime": 1727401191132495, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50272, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401167913927, "etime": 1727401167913927, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50249, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401211742153, "etime": 1727401211742153, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50298, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401219913972, "etime": 1727401219913972, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50306, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727401180195691, "etime": 1727401180195691, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50262, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401206523294, "etime": 1727401206523294, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50290, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401217867552, "etime": 1727401217867552, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50304, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401221960927, "etime": 1727401221960927, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50308, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401225008472, "etime": 1727401225008472, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50311, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401228101368, "etime": 1727401228101368, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50315, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401235400279, "etime": 1727401235400279, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50324, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401156671245, "etime": 1727401156671245, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50237, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401196257802, "etime": 1727401196257802, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50278, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727401175118073, "etime": 1727401175118073, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50257, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:45.486] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 
10:32:45.486] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25080 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=02994a76b20f7f89182077d31be773eb4563d98aa446c575da9d9a22e1e28795&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023141Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:32:45.486] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:45.486] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:45.487] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:45.487] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:45.487] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:45.487] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:48.110] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl|result:{"code": 1, "total_count": 35, "abnormal_count": 3, "normal_count": 32, "alert_count": 3, "timestamp": 1765362768109, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727156508151089, "etime": 1727156508151089, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50281, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156525857836, "etime": 1727156525857836, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50298, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727156521302067, "etime": 1727156521302067, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50294, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156515639328, "etime": 1727156515639328, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50289, "dest_port": 6443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727156524718553, "etime": 1727156524718553, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50297, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156523580511, "etime": 1727156523580511, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50296, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156502488740, "etime": 1727156502488740, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50276, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156499072603, "etime": 1727156499072603, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50273, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156510694946, "etime": 1727156510694946, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50285, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156434881562, "etime": 1727156434881562, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50269, "dest_port": 8001, "protocol": "tls", "result": "Normal"}, {"stime": 1727156512971542, "etime": 1727156512971542, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50287, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156503627109, "etime": 1727156503627109, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50277, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156507014183, "etime": 1727156507014183, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 
50280, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156526996908, "etime": 1727156526996908, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50299, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156531682781, "etime": 1727156531682781, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50304, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156530412893, "etime": 1727156530412893, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50302, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156511833248, "etime": 1727156511833248, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50286, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156504765960, "etime": 1727156504765960, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50278, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156516778354, "etime": 1727156516778354, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50290, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156517916544, "etime": 1727156517916544, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50291, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156500211823, "etime": 1727156500211823, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50274, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156509570611, "etime": 1727156509570611, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50284, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156501355181, "etime": 1727156501355181, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50275, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156508435098, "etime": 
1727156508435098, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50282, "dest_port": 6443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727156497938593, "etime": 1727156497938593, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50272, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156505889458, "etime": 1727156505889458, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50279, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156519055507, "etime": 1727156519055507, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50292, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156528136049, "etime": 1727156528136049, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50300, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156437388424, "etime": 1727156437388424, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50270, "dest_port": 6443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727156529274244, "etime": 1727156529274244, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50301, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156531552771, "etime": 1727156531552771, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50303, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156514111121, "etime": 1727156514111121, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50288, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156522441226, "etime": 1727156522441226, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50295, "dest_port": 6443, "protocol": "tls", "result": "Normal"}, {"stime": 1727156497747582, "etime": 1727156497747582, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50271, "dest_port": 6443, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727156520178837, "etime": 1727156520178837, "src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "src_port": 50293, "dest_port": 6443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:48.110] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24673 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023144Z&X-Amz-Signature=e758dba07fb2068e72e6d2d117d27504f569d20cb299955ac847a57e34c8cc55&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:48.110] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:48.111] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:50.451] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl|result:{"code": 1, 
"total_count": 31, "abnormal_count": 1, "normal_count": 30, "alert_count": 1, "timestamp": 1765362770450, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727075685223318, "etime": 1727075685223318, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50324, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075710098836, "etime": 1727075710098836, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50347, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075694459612, "etime": 1727075694459612, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50332, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075701770571, "etime": 1727075701770571, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50339, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075705927383, "etime": 1727075705927383, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50343, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075703848280, "etime": 1727075703848280, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50341, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075697599515, "etime": 1727075697599515, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50335, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075706962746, "etime": 1727075706962746, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50344, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075704895480, "etime": 1727075704895480, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50342, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075700723822, "etime": 1727075700723822, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50338, 
"dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075692365669, "etime": 1727075692365669, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50330, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075698646633, "etime": 1727075698646633, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50336, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075691318375, "etime": 1727075691318375, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50329, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075687183876, "etime": 1727075687183876, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50325, "dest_port": 4431, "protocol": "tls", "result": "Behinder"}, {"stime": 1727075693411701, "etime": 1727075693411701, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50331, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075625165303, "etime": 1727075625165303, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50323, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075695520139, "etime": 1727075695520139, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50333, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075711145729, "etime": 1727075711145729, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50348, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075714271031, "etime": 1727075714271031, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50351, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075696553256, "etime": 1727075696553256, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50334, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075622830456, "etime": 1727075622830456, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50322, "dest_port": 801, "protocol": "tls", "result": "Normal"}, {"stime": 1727075709051717, "etime": 1727075709051717, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50346, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075688223131, "etime": 1727075688223131, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50326, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075714292801, "etime": 1727075714292801, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50352, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075702801624, "etime": 1727075702801624, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50340, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075690285766, "etime": 1727075690285766, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50328, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075699692956, "etime": 1727075699692956, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50337, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075708005459, "etime": 1727075708005459, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50345, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075713239078, "etime": 1727075713239078, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50350, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075689254261, "etime": 1727075689254261, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50327, "dest_port": 4431, "protocol": "tls", "result": "Normal"}, {"stime": 1727075712195008, "etime": 1727075712195008, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "src_port": 50349, "dest_port": 4431, "protocol": "tls", 
"result": "Normal"}]} [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:50.451] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26326 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl?X-Amz-Date=20251210T023147Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=fd406ab07180ea212989c36c7c2f565618023ba2f802b20525cb5707f3cf0510&X-Amz-Expires=604800"} [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:50.451] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:52.695] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl|result:{"code": 1, "total_count": 32, "abnormal_count": 2, "normal_count": 30, "alert_count": 2, "timestamp": 1765362772694, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727155291880495, 
"etime": 1727155291880495, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49486, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155282428507, "etime": 1727155282428507, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49476, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155216730739, "etime": 1727155216730739, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49469, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155298599476, "etime": 1727155298599476, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49492, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155303938613, "etime": 1727155303938613, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49499, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155293384586, "etime": 1727155293384586, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49487, "dest_port": 9443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727155302851039, "etime": 1727155302851039, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49497, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155279302935, "etime": 1727155279302935, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49473, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155283552406, "etime": 1727155283552406, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49478, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155278256821, "etime": 1727155278256821, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49472, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155286647065, "etime": 1727155286647065, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49481, "dest_port": 
9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155288739798, "etime": 1727155288739798, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49483, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155294428233, "etime": 1727155294428233, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49488, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155289772257, "etime": 1727155289772257, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49484, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155287693700, "etime": 1727155287693700, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49482, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155276803988, "etime": 1727155276803988, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49470, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155303896430, "etime": 1727155303896430, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49498, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155296536707, "etime": 1727155296536707, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49490, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155290819204, "etime": 1727155290819204, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49485, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155300756087, "etime": 1727155300756087, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49495, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155285615058, "etime": 1727155285615058, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49480, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155297569363, "etime": 1727155297569363, "src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49491, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155282519245, "etime": 1727155282519245, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49477, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155299631319, "etime": 1727155299631319, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49493, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155277218175, "etime": 1727155277218175, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49471, "dest_port": 9443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727155295478235, "etime": 1727155295478235, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49489, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155299713847, "etime": 1727155299713847, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49494, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155280333717, "etime": 1727155280333717, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49474, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155281364718, "etime": 1727155281364718, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49475, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155284583471, "etime": 1727155284583471, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49479, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155301803760, "etime": 1727155301803760, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49496, "dest_port": 9443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155214749328, "etime": 1727155214749328, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49468, "dest_port": 80, "protocol": "tls", "result": 
"Normal"}]} [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:32:52.695] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26327 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023150Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=ed3ac0ae60325322c410bbdde1699aaa9c7fde7d723b4642243bef49235e1517"} [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:52.695] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:54.710] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 5, "normal_count": 22, "alert_count": 5, "timestamp": 1765362774709, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 
1727315780017980, "etime": 1727315780017980, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49697, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315775035384, "etime": 1727315775035384, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49694, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315786189928, "etime": 1727315786189928, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49704, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315782127314, "etime": 1727315782127314, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49700, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315789368292, "etime": 1727315789368292, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49708, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315792489115, "etime": 1727315792489115, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49712, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315781034051, "etime": 1727315781034051, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49698, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315785174389, "etime": 1727315785174389, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49703, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315594926828, "etime": 1727315594926828, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49687, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727315787205688, "etime": 1727315787205688, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315784158621, "etime": 1727315784158621, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"src_port": 49702, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315594980581, "etime": 1727315594980581, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49688, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315779002678, "etime": 1727315779002678, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49696, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315788299690, "etime": 1727315788299690, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49707, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727315715017811, "etime": 1727315715017811, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49692, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1727315787279964, "etime": 1727315787279964, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49706, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727315793502603, "etime": 1727315793502603, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49713, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315794533739, "etime": 1727315794533739, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49714, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315795549119, "etime": 1727315795549119, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49715, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315777984988, "etime": 1727315777984988, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49695, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727315783143356, "etime": 1727315783143356, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49701, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727315791455711, "etime": 1727315791455711, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49711, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315790377280, "etime": 1727315790377280, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49709, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315795557411, "etime": 1727315795557411, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49716, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315781117744, "etime": 1727315781117744, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49699, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315790433491, "etime": 1727315790433491, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49710, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727315655002994, "etime": 1727315655002994, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49690, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:32:54.710] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26328 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023153Z&X-Amz-Signature=ea5d11c3f97f5c430c710fa5b3cdd80b01d28c61bae2ab4bd54a9b2775a2a82b&X-Amz-SignedHeaders=host"} [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:54.710] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:32:57.080] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765362777079, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727155145798853, "etime": 1727155145798853, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49463, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155060685223, "etime": 1727155060685223, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49437, "dest_port": 80, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727155124192194, "etime": 1727155124192194, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155131488441, "etime": 1727155131488441, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49448, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155062518267, "etime": 1727155062518267, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155125225532, "etime": 1727155125225532, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155123149722, "etime": 1727155123149722, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49440, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1727155127332947, "etime": 1727155127332947, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155128379943, "etime": 1727155128379943, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155137345462, "etime": 1727155137345462, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49454, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727155146848439, "etime": 1727155146848439, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49464, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155134097802, "etime": 1727155134097802, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49450, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155148910770, "etime": 1727155148910770, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 
49466, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155126287049, "etime": 1727155126287049, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155129410853, "etime": 1727155129410853, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155135145629, "etime": 1727155135145629, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155145722940, "etime": 1727155145722940, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49462, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155137253703, "etime": 1727155137253703, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49453, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155122583201, "etime": 1727155122583201, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49439, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727155133047785, "etime": 1727155133047785, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49449, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1727155140505663, "etime": 1727155140505663, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49457, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155144691840, "etime": 1727155144691840, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155142600014, "etime": 1727155142600014, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155130456872, "etime": 1727155130456872, 
"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155148968533, "etime": 1727155148968533, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49467, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155138395889, "etime": 1727155138395889, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49455, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155143659763, "etime": 1727155143659763, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49460, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155141551760, "etime": 1727155141551760, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49458, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155136191957, "etime": 1727155136191957, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49452, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155139456963, "etime": 1727155139456963, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49456, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727155147879359, "etime": 1727155147879359, "src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "src_port": 49465, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:32:57.080] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25081 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023156Z&X-Amz-SignedHeaders=host&X-Amz-Signature=c7abc1b65640435d37844f4758942be83d160c79cddee6994f931b4f4669bde6&X-Amz-Expires=604800"} [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:32:57.080] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:32:57.081] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:04.235] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl|result:{"code": 0, "total_count": 95, "abnormal_count": 0, "normal_count": 95, "alert_count": 0, "timestamp": 1765362784233, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727338813665341, "etime": 1727338813665341, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53636, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338807535244, "etime": 1727338807535244, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53629, "dest_port": 80, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727338787003682, "etime": 1727338787003682, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53607, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338801274925, "etime": 1727338801274925, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53622, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338827957758, "etime": 1727338827957758, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53651, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338837097842, "etime": 1727338837097842, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53660, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338840144404, "etime": 1727338840144404, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53663, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338854425899, "etime": 1727338854425899, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53678, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338869766985, "etime": 1727338869766985, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53697, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338815709240, "etime": 1727338815709240, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53638, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338864688207, "etime": 1727338864688207, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53691, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338785986825, "etime": 1727338785986825, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53606, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338803317477, "etime": 1727338803317477, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.132", "src_port": 53624, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338804332439, "etime": 1727338804332439, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53625, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338808550916, "etime": 1727338808550916, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53630, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338812613139, "etime": 1727338812613139, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53634, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338799238839, "etime": 1727338799238839, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53620, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338783145233, "etime": 1727338783145233, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53605, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338819784966, "etime": 1727338819784966, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53642, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338796144912, "etime": 1727338796144912, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53616, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338810581980, "etime": 1727338810581980, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53632, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338825879391, "etime": 1727338825879391, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53648, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338820800890, "etime": 1727338820800890, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53643, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727338836081855, "etime": 1727338836081855, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53659, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338839129018, "etime": 1727338839129018, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53662, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338833035531, "etime": 1727338833035531, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53656, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338851373031, "etime": 1727338851373031, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53675, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338855441593, "etime": 1727338855441593, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53679, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338832019776, "etime": 1727338832019776, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53655, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338788019311, "etime": 1727338788019311, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53608, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338811597829, "etime": 1727338811597829, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53633, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338806514029, "etime": 1727338806514029, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53628, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338826894749, "etime": 1727338826894749, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53649, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338849285679, "etime": 1727338849285679, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 
53672, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338853410104, "etime": 1727338853410104, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53677, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338805364363, "etime": 1727338805364363, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53626, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338869754133, "etime": 1727338869754133, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338821816424, "etime": 1727338821816424, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53644, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338829988539, "etime": 1727338829988539, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53653, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338791066642, "etime": 1727338791066642, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53611, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338860582320, "etime": 1727338860582320, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53686, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338867722874, "etime": 1727338867722874, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338844207602, "etime": 1727338844207602, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53667, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338806378955, "etime": 1727338806378955, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53627, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338802285163, "etime": 1727338802285163, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53623, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338817754826, "etime": 1727338817754826, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53640, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338856487576, "etime": 1727338856487576, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53681, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338858520121, "etime": 1727338858520121, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53683, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338790050756, "etime": 1727338790050756, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53610, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338824863483, "etime": 1727338824863483, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53647, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338814675720, "etime": 1727338814675720, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53637, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338859535245, "etime": 1727338859535245, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53684, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338856456871, "etime": 1727338856456871, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53680, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338857504060, "etime": 1727338857504060, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53682, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338823847550, "etime": 1727338823847550, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53646, "dest_port": 80, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727338799191609, "etime": 1727338799191609, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53619, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338789035515, "etime": 1727338789035515, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53609, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338798175814, "etime": 1727338798175814, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53618, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338723135352, "etime": 1727338723135352, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53604, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338818769696, "etime": 1727338818769696, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53641, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338848269753, "etime": 1727338848269753, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53671, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338828972882, "etime": 1727338828972882, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53652, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338842176476, "etime": 1727338842176476, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53665, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338809566405, "etime": 1727338809566405, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53631, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338852394867, "etime": 1727338852394867, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53676, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338846238579, "etime": 1727338846238579, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 53669, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338834050845, "etime": 1727338834050845, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53657, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338838113523, "etime": 1727338838113523, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53661, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338845222553, "etime": 1727338845222553, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53668, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338793098317, "etime": 1727338793098317, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53613, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338864644406, "etime": 1727338864644406, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53690, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338822832081, "etime": 1727338822832081, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53645, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338841159917, "etime": 1727338841159917, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53664, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338866706849, "etime": 1727338866706849, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53693, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338831003955, "etime": 1727338831003955, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53654, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338843191205, "etime": 1727338843191205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53666, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727338859571323, "etime": 1727338859571323, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53685, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338861599682, "etime": 1727338861599682, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53687, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338826943570, "etime": 1727338826943570, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53650, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338851316747, "etime": 1727338851316747, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53674, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338800254932, "etime": 1727338800254932, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53621, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338794113495, "etime": 1727338794113495, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53614, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338835066772, "etime": 1727338835066772, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53658, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338795128924, "etime": 1727338795128924, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53615, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338850300977, "etime": 1727338850300977, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53673, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338723116538, "etime": 1727338723116538, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53603, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338863629252, "etime": 1727338863629252, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 
53689, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338792081772, "etime": 1727338792081772, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53612, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338868738588, "etime": 1727338868738588, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53695, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338813629290, "etime": 1727338813629290, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53635, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338797160252, "etime": 1727338797160252, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53617, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338865691780, "etime": 1727338865691780, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53692, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338816722652, "etime": 1727338816722652, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53639, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338847254626, "etime": 1727338847254626, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53670, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727338862613176, "etime": 1727338862613176, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 53688, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:04.235] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:04.236] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26329 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=da36773b8c3a53f3bc5facba4a5b48b63ec22768cb87aa123a81167b804c4ca5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023200Z"} [2025-12-10 10:33:04.236] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:04.236] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:04.236] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:04.236] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:04.236] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:04.236] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:11.121] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl|result:{"code": 0, "total_count": 90, "abnormal_count": 0, "normal_count": 90, "alert_count": 0, "timestamp": 1765362791119, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727337680220315, "etime": 1727337680220315, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52081, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337681236346, "etime": 1727337681236346, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52082, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337684282819, "etime": 1727337684282819, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52085, 
"dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337691158153, "etime": 1727337691158153, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52090, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337697470558, "etime": 1727337697470558, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52098, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337708318061, "etime": 1727337708318061, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52109, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337626095108, "etime": 1727337626095108, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52023, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337674095780, "etime": 1727337674095780, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52074, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337657657910, "etime": 1727337657657910, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52056, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337641360920, "etime": 1727337641360920, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52039, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337649517345, "etime": 1727337649517345, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52048, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337627111047, "etime": 1727337627111047, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52024, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337658673567, "etime": 1727337658673567, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52057, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337686330751, "etime": 
1727337686330751, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52087, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337704259406, "etime": 1727337704259406, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52104, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337642410898, "etime": 1727337642410898, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52041, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337632220581, "etime": 1727337632220581, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52030, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337625080237, "etime": 1727337625080237, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52022, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337630157972, "etime": 1727337630157972, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52027, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337648501851, "etime": 1727337648501851, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52047, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337683267350, "etime": 1727337683267350, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52084, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337692288442, "etime": 1727337692288442, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52092, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337631205144, "etime": 1727337631205144, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52029, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337663752261, "etime": 1727337663752261, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52062, 
"dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337669892535, "etime": 1727337669892535, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52069, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337703205197, "etime": 1727337703205197, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52102, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337644438920, "etime": 1727337644438920, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52043, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337677142120, "etime": 1727337677142120, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52077, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337690142403, "etime": 1727337690142403, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52089, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337705267238, "etime": 1727337705267238, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52105, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337696463880, "etime": 1727337696463880, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52097, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337645455295, "etime": 1727337645455295, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52044, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337704220755, "etime": 1727337704220755, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52103, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337640346083, "etime": 1727337640346083, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52038, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337708314392, "etime": 
1727337708314392, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52108, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337663795807, "etime": 1727337663795807, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52063, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337672063404, "etime": 1727337672063404, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52072, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337693298894, "etime": 1727337693298894, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52093, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337646470354, "etime": 1727337646470354, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52045, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337685319546, "etime": 1727337685319546, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52086, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337630190728, "etime": 1727337630190728, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52028, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337668876570, "etime": 1727337668876570, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52068, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337660704773, "etime": 1727337660704773, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52059, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337635268138, "etime": 1727337635268138, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52033, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337675110894, "etime": 1727337675110894, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52075, 
"dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337652579667, "etime": 1727337652579667, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52051, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337677185412, "etime": 1727337677185412, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52078, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337650532792, "etime": 1727337650532792, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52049, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337655626992, "etime": 1727337655626992, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52054, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337698486307, "etime": 1727337698486307, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52099, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337634251690, "etime": 1727337634251690, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52032, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337662736276, "etime": 1727337662736276, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52061, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337667861459, "etime": 1727337667861459, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52067, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337682251648, "etime": 1727337682251648, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52083, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337673080554, "etime": 1727337673080554, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52073, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337676126736, "etime": 
1727337676126736, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52076, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337565065759, "etime": 1727337565065759, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52021, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337628126443, "etime": 1727337628126443, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52025, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337647486135, "etime": 1727337647486135, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52046, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337665829919, "etime": 1727337665829919, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52065, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337651564526, "etime": 1727337651564526, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52050, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337694314292, "etime": 1727337694314292, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52094, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337664814174, "etime": 1727337664814174, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52064, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337701184994, "etime": 1727337701184994, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52100, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337702189416, "etime": 1727337702189416, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52101, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337661720185, "etime": 1727337661720185, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52060, 
"dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337636283068, "etime": 1727337636283068, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52034, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337565053506, "etime": 1727337565053506, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52020, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337696345405, "etime": 1727337696345405, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52096, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337643423744, "etime": 1727337643423744, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52042, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337656642360, "etime": 1727337656642360, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52055, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337706283205, "etime": 1727337706283205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52106, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337637299415, "etime": 1727337637299415, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52035, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337639329532, "etime": 1727337639329532, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52037, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337638314047, "etime": 1727337638314047, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52036, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337659689160, "etime": 1727337659689160, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52058, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337654611417, "etime": 
1727337654611417, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52053, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337666845589, "etime": 1727337666845589, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52066, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337642376757, "etime": 1727337642376757, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52040, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337687362166, "etime": 1727337687362166, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52088, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337679204757, "etime": 1727337679204757, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52080, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337692173801, "etime": 1727337692173801, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52091, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337695329987, "etime": 1727337695329987, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52095, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337707299291, "etime": 1727337707299291, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52107, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337629142209, "etime": 1727337629142209, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52026, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337678189812, "etime": 1727337678189812, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52079, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337653595570, "etime": 1727337653595570, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52052, 
"dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337670908111, "etime": 1727337670908111, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52070, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337671923595, "etime": 1727337671923595, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52071, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337633235981, "etime": 1727337633235981, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 52031, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:11.121] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:11.121] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24674 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=43c9ce837ecd3ab842eaaf8d8c045c56f52da58fc99e1835d289bd44f3bfb185&X-Amz-Date=20251210T023203Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:33:11.121] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:11.121] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:11.121] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:11.121] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:11.121] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:11.122] [INFO] [tid:127829042783936] 
(AiModule.cpp:39) load result:0 [2025-12-10 10:33:11.200] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362791199, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726643864589367, "etime": 1726643864589367, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49298, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:11.200] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:11.200] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25082 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl?X-Amz-Date=20251210T023206Z&X-Amz-Signature=96fb6e1bc49796eb2df4a2285775986c44d9bd938b68a906e40a4a040a47ae2e&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:33:11.200] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:11.200] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:11.200] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:11.200] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:11.200] [INFO] [tid:127829042783936] 
(AiModule.cpp:29) prepare args for load [2025-12-10 10:33:11.201] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:11.279] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765362791279, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1726643864589367, "etime": 1726643864589367, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49298, "dest_port": 50050, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:11.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:11.279] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26330 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023209Z&X-Amz-SignedHeaders=host&X-Amz-Signature=a0d425c03f3bea05b8d53e5eb7cec73f437a7fc3f6c1c0d70a1a11bae085f510"} [2025-12-10 10:33:11.279] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:11.279] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 
10:33:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:11.280] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:11.359] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362791358, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726643632227044, "etime": 1726643632227044, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49297, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:33:11.359] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24675 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl?X-Amz-Date=20251210T023212Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=7ef7d828ed5481d70134b849c3100996c3af56f1ca0f287620dc2cef72f6eeea"} [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:11.359] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:11.439] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362791439, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726643632227044, "etime": 1726643632227044, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49297, "dest_port": 50050, "protocol": "tls", 
"result": "Behinder"}]} [2025-12-10 10:33:11.439] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:33:11.439] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:11.439] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:33:11.439] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25083 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T023215Z&X-Amz-SignedHeaders=host&X-Amz-Signature=728c466c9512cc5f37b95084c758f6bd50220b9384d5ee7df1e29a8f97e9e2b2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:33:11.439] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:11.439] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:11.440] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:11.440] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:11.440] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:11.440] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:18.637] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl|result:{"code": 0, "total_count": 95, "abnormal_count": 0, "normal_count": 95, "alert_count": 0, "timestamp": 1765362798635, "module": "anquanchu", "proto": "tls", "alerted": false, "details": 
[{"stime": 1727339942194927, "etime": 1727339942194927, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54107, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339939115448, "etime": 1727339939115448, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54104, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339945240487, "etime": 1727339945240487, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54110, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339977802863, "etime": 1727339977802863, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54143, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339990084246, "etime": 1727339990084246, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54156, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339999256037, "etime": 1727339999256037, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54166, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339963569141, "etime": 1727339963569141, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54129, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340000303338, "etime": 1727340000303338, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54168, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340006427955, "etime": 1727340006427955, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54175, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339980889332, "etime": 1727339980889332, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54147, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340005412802, "etime": 1727340005412802, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54174, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339870888145, "etime": 1727339870888145, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54094, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339940147504, "etime": 1727339940147504, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54105, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339957472301, "etime": 1727339957472301, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54123, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339969818644, "etime": 1727339969818644, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54136, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339963718566, "etime": 1727339963718566, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54130, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339968802787, "etime": 1727339968802787, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54135, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339979834340, "etime": 1727339979834340, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54145, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339930953153, "etime": 1727339930953153, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54096, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339987046062, "etime": 1727339987046062, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54153, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340001318594, "etime": 1727340001318594, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54169, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727340003385355, "etime": 1727340003385355, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54172, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340008459300, "etime": 1727340008459300, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54177, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340011506277, "etime": 1727340011506277, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54180, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339952350083, "etime": 1727339952350083, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54117, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340014724772, "etime": 1727340014724772, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54184, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339947272212, "etime": 1727339947272212, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54112, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339961539844, "etime": 1727339961539844, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54127, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339982945572, "etime": 1727339982945572, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54149, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339992144263, "etime": 1727339992144263, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54159, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340016761318, "etime": 1727340016761318, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54187, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339957428105, "etime": 1727339957428105, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54122, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339932990373, "etime": 1727339932990373, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54098, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339995194197, "etime": 1727339995194197, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54162, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339966756301, "etime": 1727339966756301, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54133, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339938101060, "etime": 1727339938101060, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54103, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339934006141, "etime": 1727339934006141, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54099, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339965742131, "etime": 1727339965742131, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54132, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339999286199, "etime": 1727339999286199, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54167, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340011675601, "etime": 1727340011675601, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54181, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339962553176, "etime": 1727339962553176, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54128, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339975740814, "etime": 1727339975740814, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54140, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727339976787256, "etime": 1727339976787256, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54142, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339996209297, "etime": 1727339996209297, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54163, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340007443538, "etime": 1727340007443538, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54176, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339931975102, "etime": 1727339931975102, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54097, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339943208977, "etime": 1727339943208977, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54108, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339992115818, "etime": 1727339992115818, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54158, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339935021567, "etime": 1727339935021567, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54100, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339950318421, "etime": 1727339950318421, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54115, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339959493593, "etime": 1727339959493593, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54125, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339988053278, "etime": 1727339988053278, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54154, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340003350044, "etime": 1727340003350044, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54171, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339978818829, "etime": 1727339978818829, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54144, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340010490509, "etime": 1727340010490509, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54179, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339948287613, "etime": 1727339948287613, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54113, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340016756271, "etime": 1727340016756271, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54186, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339937052795, "etime": 1727339937052795, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54102, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339994177977, "etime": 1727339994177977, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54161, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339973709515, "etime": 1727339973709515, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54138, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339954381478, "etime": 1727339954381478, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54119, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339958475137, "etime": 1727339958475137, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54124, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339946256398, "etime": 1727339946256398, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54111, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727339989068628, "etime": 1727339989068628, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54155, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339956412798, "etime": 1727339956412798, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54121, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339967788769, "etime": 1727339967788769, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54134, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340004397186, "etime": 1727340004397186, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54173, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339998240611, "etime": 1727339998240611, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54165, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339974724876, "etime": 1727339974724876, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54139, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340013709916, "etime": 1727340013709916, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54183, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339980850085, "etime": 1727339980850085, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54146, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339930912534, "etime": 1727339930912534, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54095, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339955396746, "etime": 1727339955396746, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54120, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339944225086, "etime": 1727339944225086, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54109, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340009474928, "etime": 1727340009474928, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54178, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339991099773, "etime": 1727339991099773, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54157, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339984991434, "etime": 1727339984991434, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54151, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339997225108, "etime": 1727339997225108, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54164, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339949303523, "etime": 1727339949303523, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54114, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340012693966, "etime": 1727340012693966, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54182, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339972695871, "etime": 1727339972695871, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54137, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339936037504, "etime": 1727339936037504, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54101, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339941163176, "etime": 1727339941163176, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54106, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339981897139, "etime": 1727339981897139, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54148, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727339951335166, "etime": 1727339951335166, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54116, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339953365551, "etime": 1727339953365551, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54118, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339960506162, "etime": 1727339960506162, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54126, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339964724977, "etime": 1727339964724977, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54131, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340002334362, "etime": 1727340002334362, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54170, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340015740762, "etime": 1727340015740762, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54185, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339986006590, "etime": 1727339986006590, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54152, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339983959341, "etime": 1727339983959341, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54150, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339870870239, "etime": 1727339870870239, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54093, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339993162516, "etime": 1727339993162516, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54160, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339975769053, "etime": 1727339975769053, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54141, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:18.637] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:18.637] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26331 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=bd37588e6dd67606e9ee563c9399b9e657563f6487b50dd58551d4ecbacd643a&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023218Z"} [2025-12-10 10:33:18.637] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:18.637] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:18.637] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:18.637] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:18.637] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:18.638] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:24.870] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl|result:{"code": 0, "total_count": 83, "abnormal_count": 0, "normal_count": 83, "alert_count": 0, "timestamp": 1765362804868, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727406172053675, "etime": 1727406172053675, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49246, 
"dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406217294485, "etime": 1727406217294485, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49304, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406181319461, "etime": 1727406181319461, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49258, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406192556656, "etime": 1727406192556656, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49273, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406184393596, "etime": 1727406184393596, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49262, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406191523254, "etime": 1727406191523254, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49271, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406177223085, "etime": 1727406177223085, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49253, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406218308325, "etime": 1727406218308325, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49305, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406153104595, "etime": 1727406153104595, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49228, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406210055599, "etime": 1727406210055599, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49294, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406178231789, "etime": 1727406178231789, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49254, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406179245615, "etime": 1727406179245615, 
"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49255, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406093071760, "etime": 1727406093071760, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49226, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406188465509, "etime": 1727406188465509, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49267, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406169994515, "etime": 1727406169994515, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49244, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406192537133, "etime": 1727406192537133, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49272, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406216281743, "etime": 1727406216281743, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49303, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406166952432, "etime": 1727406166952432, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49241, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406164924632, "etime": 1727406164924632, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49239, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406205952823, "etime": 1727406205952823, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49289, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406187451195, "etime": 1727406187451195, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49266, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406203907238, "etime": 1727406203907238, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49287, "dest_port": 80, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727406206982291, "etime": 1727406206982291, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49291, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406213191132, "etime": 1727406213191132, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49298, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406168980774, "etime": 1727406168980774, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49243, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406215234796, "etime": 1727406215234796, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49301, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406203878290, "etime": 1727406203878290, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49286, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406198730097, "etime": 1727406198730097, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49280, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406183380500, "etime": 1727406183380500, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49261, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406204923484, "etime": 1727406204923484, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49288, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406197701242, "etime": 1727406197701242, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49279, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406162897267, "etime": 1727406162897267, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49237, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406181289230, "etime": 1727406181289230, "src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "src_port": 49257, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406173130790, "etime": 1727406173130790, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49248, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406185407653, "etime": 1727406185407653, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49263, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406219321775, "etime": 1727406219321775, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49306, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406199744434, "etime": 1727406199744434, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49281, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406158794249, "etime": 1727406158794249, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49233, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406183348147, "etime": 1727406183348147, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49260, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406208012346, "etime": 1727406208012346, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49292, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406165938711, "etime": 1727406165938711, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49240, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406220357404, "etime": 1727406220357404, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49308, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406180259635, "etime": 1727406180259635, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49256, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727406202848705, "etime": 1727406202848705, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49285, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406200774672, "etime": 1727406200774672, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49282, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406214221253, "etime": 1727406214221253, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49300, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406189479563, "etime": 1727406189479563, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49268, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406154113857, "etime": 1727406154113857, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49229, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406176172631, "etime": 1727406176172631, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49251, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406196688195, "etime": 1727406196688195, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49278, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406161866941, "etime": 1727406161866941, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49236, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406216248878, "etime": 1727406216248878, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49302, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406195625950, "etime": 1727406195625950, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49276, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406201834986, "etime": 1727406201834986, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 
49284, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406212161447, "etime": 1727406212161447, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49297, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406172127138, "etime": 1727406172127138, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49247, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406211085256, "etime": 1727406211085256, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49295, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406175158076, "etime": 1727406175158076, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49250, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406196639915, "etime": 1727406196639915, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49277, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406220351977, "etime": 1727406220351977, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49307, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406186421531, "etime": 1727406186421531, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49264, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406159808188, "etime": 1727406159808188, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49234, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406163911030, "etime": 1727406163911030, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49238, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406167966940, "etime": 1727406167966940, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49242, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406193567337, "etime": 1727406193567337, 
"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49274, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406194596703, "etime": 1727406194596703, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49275, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406201803377, "etime": 1727406201803377, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49283, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406209041852, "etime": 1727406209041852, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49293, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406213204601, "etime": 1727406213204601, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49299, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406157781818, "etime": 1727406157781818, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49232, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406160837243, "etime": 1727406160837243, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49235, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406186448711, "etime": 1727406186448711, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49265, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406205972754, "etime": 1727406205972754, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49290, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406182334584, "etime": 1727406182334584, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49259, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406190520625, "etime": 1727406190520625, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49270, "dest_port": 80, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727406177186115, "etime": 1727406177186115, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49252, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406156142478, "etime": 1727406156142478, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49231, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406190493107, "etime": 1727406190493107, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49269, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406171024431, "etime": 1727406171024431, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49245, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406174144576, "etime": 1727406174144576, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49249, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406093093679, "etime": 1727406093093679, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49227, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406211146255, "etime": 1727406211146255, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49296, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727406155127851, "etime": 1727406155127851, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49230, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:24.870] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:24.870] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24676 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ae83951fcd076d43f981ca45b57f1b4595536b3eb25f66235b0d51c6bab96f85&X-Amz-Date=20251210T023221Z"} [2025-12-10 10:33:24.870] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:24.870] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:24.870] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:24.870] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:24.870] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:24.871] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:24.948] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362804948, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645691903184, "etime": 1726645691903184, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49304, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:33:24.948] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:33:24.948] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:33:24.948] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:33:24.949] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24677 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023225Z&X-Amz-Signature=dba751d1d749fb9dbcda51a298bad08222a37de9b4c9f47e1d3c388a6e0576d4"} [2025-12-10 10:33:24.949] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:24.949] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:24.949] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:24.949] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:24.949] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:24.949] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:31.062] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl|result:{"code": 0, "total_count": 81, "abnormal_count": 0, "normal_count": 81, "alert_count": 0, "timestamp": 1765362811060, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727342568214281, "etime": 1727342568214281, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55428, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342552214090, "etime": 1727342552214090, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 55413, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342573354998, "etime": 1727342573354998, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55434, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342555261540, "etime": 1727342555261540, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55416, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342525480164, "etime": 1727342525480164, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342570261488, "etime": 1727342570261488, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55430, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342579464489, "etime": 1727342579464489, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55441, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342565027046, "etime": 1727342565027046, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55424, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342581549318, "etime": 1727342581549318, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55444, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342551208636, "etime": 1727342551208636, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55412, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342458557077, "etime": 1727342458557077, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342575412482, "etime": 1727342575412482, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55437, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727342543997279, "etime": 1727342543997279, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55403, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342576417517, "etime": 1727342576417517, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55438, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342519589518, "etime": 1727342519589518, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55377, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342528638089, "etime": 1727342528638089, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55385, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342541917373, "etime": 1727342541917373, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55400, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342550136433, "etime": 1727342550136433, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55410, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342558308093, "etime": 1727342558308093, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55419, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342568073976, "etime": 1727342568073976, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55427, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342569230711, "etime": 1727342569230711, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55429, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342580480429, "etime": 1727342580480429, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55442, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342535823639, "etime": 1727342535823639, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 
55394, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342540901867, "etime": 1727342540901867, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55399, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342538870459, "etime": 1727342538870459, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55397, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342587714272, "etime": 1727342587714272, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55451, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342581495914, "etime": 1727342581495914, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55443, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342567059658, "etime": 1727342567059658, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55426, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342526495440, "etime": 1727342526495440, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55382, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342566042625, "etime": 1727342566042625, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55425, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342534777926, "etime": 1727342534777926, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55392, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342458542996, "etime": 1727342458542996, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55374, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342547057927, "etime": 1727342547057927, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55406, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342578448929, "etime": 1727342578448929, 
"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55440, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342531698514, "etime": 1727342531698514, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55389, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342546043034, "etime": 1727342546043034, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55405, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342572323692, "etime": 1727342572323692, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55433, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342548105184, "etime": 1727342548105184, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55408, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342575386087, "etime": 1727342575386087, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55436, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342584638982, "etime": 1727342584638982, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55448, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342526609167, "etime": 1727342526609167, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55383, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342543948736, "etime": 1727342543948736, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55402, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342539886569, "etime": 1727342539886569, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55398, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342574371120, "etime": 1727342574371120, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55435, "dest_port": 80, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727342532730589, "etime": 1727342532730589, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55390, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342545011227, "etime": 1727342545011227, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55404, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342527620235, "etime": 1727342527620235, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55384, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342559323785, "etime": 1727342559323785, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55420, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342529676076, "etime": 1727342529676076, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55387, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342585652416, "etime": 1727342585652416, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55449, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342588729967, "etime": 1727342588729967, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55452, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342524464456, "etime": 1727342524464456, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342556276738, "etime": 1727342556276738, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55417, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342571315862, "etime": 1727342571315862, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55432, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342520604690, "etime": 1727342520604690, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 55378, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342589762809, "etime": 1727342589762809, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55454, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342562986534, "etime": 1727342562986534, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55422, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342533746120, "etime": 1727342533746120, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55391, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342518573614, "etime": 1727342518573614, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55376, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342554245771, "etime": 1727342554245771, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55415, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342553229867, "etime": 1727342553229867, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55414, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342551152280, "etime": 1727342551152280, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55411, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342529651617, "etime": 1727342529651617, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55386, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342530685279, "etime": 1727342530685279, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55388, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342537854944, "etime": 1727342537854944, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55396, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727342542933369, "etime": 1727342542933369, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55401, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342536839377, "etime": 1727342536839377, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55395, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342523458342, "etime": 1727342523458342, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55379, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342534812599, "etime": 1727342534812599, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55393, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342547088982, "etime": 1727342547088982, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55407, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342560339292, "etime": 1727342560339292, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55421, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342571276953, "etime": 1727342571276953, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55431, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342577433027, "etime": 1727342577433027, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55439, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342563995673, "etime": 1727342563995673, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55423, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342582558008, "etime": 1727342582558008, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55445, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342583574066, "etime": 1727342583574066, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 
55446, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342549120952, "etime": 1727342549120952, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55409, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342557293256, "etime": 1727342557293256, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55418, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342584589435, "etime": 1727342584589435, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55447, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342586683131, "etime": 1727342586683131, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55450, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727342589745722, "etime": 1727342589745722, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 55453, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:31.062] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:31.062] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25084 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl?X-Amz-Date=20251210T023228Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6fd7bc3dcd651782a69839ae01d0208f1cf8f7bd2261455b7503222ac019c13a"} [2025-12-10 10:33:31.062] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:31.062] [INFO] [tid:127829042783936] (AiModule.cpp:10) load 
so_code_cnn.so lib [2025-12-10 10:33:31.062] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:31.062] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:31.062] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:31.062] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:36.936] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl|result:{"code": 0, "total_count": 78, "abnormal_count": 0, "normal_count": 78, "alert_count": 0, "timestamp": 1765362816934, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727399940881096, "etime": 1727399940881096, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49975, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399901405893, "etime": 1727399901405893, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49935, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399902411941, "etime": 1727399902411941, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49936, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399930567815, "etime": 1727399930567815, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49964, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399936693115, "etime": 1727399936693115, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49970, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399903429368, "etime": 1727399903429368, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49937, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399949130373, "etime": 1727399949130373, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 49985, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399917817847, "etime": 1727399917817847, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49953, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399899333506, "etime": 1727399899333506, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49932, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399939864784, "etime": 1727399939864784, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49974, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399895244462, "etime": 1727399895244462, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49927, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399904443077, "etime": 1727399904443077, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49938, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399933632472, "etime": 1727399933632472, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49967, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399910614861, "etime": 1727399910614861, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49945, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399937718194, "etime": 1727399937718194, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49971, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399937833893, "etime": 1727399937833893, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49972, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399885240066, "etime": 1727399885240066, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49918, "dest_port": 8900, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727399913755496, "etime": 1727399913755496, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49949, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399955261617, "etime": 1727399955261617, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49993, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399954239935, "etime": 1727399954239935, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49991, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399947090049, "etime": 1727399947090049, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49983, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399916802731, "etime": 1727399916802731, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49952, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399920864665, "etime": 1727399920864665, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49956, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399946005321, "etime": 1727399946005321, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49981, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399932599179, "etime": 1727399932599179, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49966, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399940921411, "etime": 1727399940921411, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49976, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399918833411, "etime": 1727399918833411, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49954, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399890458501, "etime": 1727399890458501, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 49924, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399888427140, "etime": 1727399888427140, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49922, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399952209532, "etime": 1727399952209532, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49989, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399887411377, "etime": 1727399887411377, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49921, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399889442486, "etime": 1727399889442486, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49923, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399915787071, "etime": 1727399915787071, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49951, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399897273633, "etime": 1727399897273633, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49929, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399942944760, "etime": 1727399942944760, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49978, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399906489624, "etime": 1727399906489624, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49940, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399944991328, "etime": 1727399944991328, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49980, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399919850835, "etime": 1727399919850835, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49955, "dest_port": 8900, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727399907521735, "etime": 1727399907521735, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49941, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399943958556, "etime": 1727399943958556, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49979, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399925495403, "etime": 1727399925495403, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49959, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399948100469, "etime": 1727399948100469, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49984, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399886397853, "etime": 1727399886397853, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49920, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399934646137, "etime": 1727399934646137, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49968, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399955255484, "etime": 1727399955255484, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49992, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399951161553, "etime": 1727399951161553, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49987, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399950146489, "etime": 1727399950146489, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49986, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399825219256, "etime": 1727399825219256, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49915, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399901367100, "etime": 1727399901367100, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 49934, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399825231891, "etime": 1727399825231891, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49916, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399908583462, "etime": 1727399908583462, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49943, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399905476043, "etime": 1727399905476043, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49939, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399922895833, "etime": 1727399922895833, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49958, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399928536576, "etime": 1727399928536576, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49962, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399941927647, "etime": 1727399941927647, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49977, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399898325348, "etime": 1727399898325348, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49931, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399909599176, "etime": 1727399909599176, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49944, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399907573808, "etime": 1727399907573808, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49942, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399931585136, "etime": 1727399931585136, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49965, "dest_port": 8900, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727399891474745, "etime": 1727399891474745, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49925, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399892491159, "etime": 1727399892491159, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49926, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399885384287, "etime": 1727399885384287, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49919, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399912645746, "etime": 1727399912645746, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49947, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399912737102, "etime": 1727399912737102, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49948, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399929552682, "etime": 1727399929552682, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49963, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399938849540, "etime": 1727399938849540, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49973, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399951203903, "etime": 1727399951203903, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49988, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399914771623, "etime": 1727399914771623, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49950, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399900349465, "etime": 1727399900349465, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49933, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399935678942, "etime": 1727399935678942, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "src_port": 49969, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399953223874, "etime": 1727399953223874, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49990, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399927520726, "etime": 1727399927520726, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49961, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399896255316, "etime": 1727399896255316, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49928, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399898287213, "etime": 1727399898287213, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49930, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399926505444, "etime": 1727399926505444, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49960, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399911631105, "etime": 1727399911631105, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49946, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399921880083, "etime": 1727399921880083, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49957, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727399947037492, "etime": 1727399947037492, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49982, "dest_port": 8900, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:36.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:36.936] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25085 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=db5afa7be4185548ef7153c7ba60c5c0ae53599fb02ec68d9751954f204a66bb&X-Amz-Date=20251210T023231Z&X-Amz-Expires=604800"} [2025-12-10 10:33:36.936] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:36.936] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:36.936] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:36.936] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:36.936] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:36.936] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:43.109] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl|result:{"code": 0, "total_count": 82, "abnormal_count": 0, "normal_count": 82, "alert_count": 0, "timestamp": 1765362823107, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727407402569384, "etime": 1727407402569384, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49702, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407420851816, "etime": 1727407420851816, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49722, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407467204090, "etime": 1727407467204090, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", 
"src_port": 49774, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407409666364, "etime": 1727407409666364, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49709, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407466170820, "etime": 1727407466170820, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49772, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407422942062, "etime": 1727407422942062, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49725, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407469227989, "etime": 1727407469227989, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49776, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407437198088, "etime": 1727407437198088, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49742, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407419837877, "etime": 1727407419837877, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49721, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407416795490, "etime": 1727407416795490, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49718, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407434127752, "etime": 1727407434127752, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49738, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407457028750, "etime": 1727407457028750, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49761, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407447844007, "etime": 1727407447844007, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49750, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 
1727407411694525, "etime": 1727407411694525, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49711, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407463112537, "etime": 1727407463112537, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49768, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407452925429, "etime": 1727407452925429, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49756, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407404597535, "etime": 1727407404597535, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49704, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407451911514, "etime": 1727407451911514, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49755, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407431069639, "etime": 1727407431069639, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49734, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407340525341, "etime": 1727407340525341, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49699, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407413722561, "etime": 1727407413722561, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49713, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407440242730, "etime": 1727407440242730, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49745, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407413741457, "etime": 1727407413741457, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49714, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407432099635, "etime": 1727407432099635, "src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "src_port": 49736, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407435141636, "etime": 1727407435141636, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49739, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407464126116, "etime": 1727407464126116, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49769, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407464146598, "etime": 1727407464146598, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49770, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407340509209, "etime": 1727407340509209, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49698, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407422962177, "etime": 1727407422962177, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49726, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407407638405, "etime": 1727407407638405, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49707, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407468213640, "etime": 1727407468213640, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49775, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407471262269, "etime": 1727407471262269, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49779, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407414752114, "etime": 1727407414752114, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49715, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407460070071, "etime": 1727407460070071, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49764, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727407408652600, "etime": 1727407408652600, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49708, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407418824472, "etime": 1727407418824472, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49720, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407443284709, "etime": 1727407443284709, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49748, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407403582767, "etime": 1727407403582767, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49703, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407431085306, "etime": 1727407431085306, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49735, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407450897577, "etime": 1727407450897577, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49754, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407462098221, "etime": 1727407462098221, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49767, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407415765991, "etime": 1727407415765991, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49716, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407425999764, "etime": 1727407425999764, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49729, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407465156298, "etime": 1727407465156298, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49771, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407437169887, "etime": 1727407437169887, "src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "src_port": 49741, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407461084502, "etime": 1727407461084502, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49766, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407415779208, "etime": 1727407415779208, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49717, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407421928235, "etime": 1727407421928235, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49724, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407448853661, "etime": 1727407448853661, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49751, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407420925249, "etime": 1727407420925249, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49723, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407405610565, "etime": 1727407405610565, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49705, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407444298520, "etime": 1727407444298520, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49749, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407448874340, "etime": 1727407448874340, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49752, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407459056489, "etime": 1727407459056489, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49763, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407400540753, "etime": 1727407400540753, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49700, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727407430055989, "etime": 1727407430055989, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49733, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407424985852, "etime": 1727407424985852, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49728, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407429042324, "etime": 1727407429042324, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49732, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407433113330, "etime": 1727407433113330, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49737, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407436155360, "etime": 1727407436155360, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49740, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407438214619, "etime": 1727407438214619, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49743, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407439229202, "etime": 1727407439229202, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49744, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407449883413, "etime": 1727407449883413, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49753, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407441256559, "etime": 1727407441256559, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49746, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407423971598, "etime": 1727407423971598, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49727, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407455000296, "etime": 1727407455000296, "src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "src_port": 49759, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407460082814, "etime": 1727407460082814, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49765, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407470241644, "etime": 1727407470241644, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49777, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407417809751, "etime": 1727407417809751, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49719, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407453939719, "etime": 1727407453939719, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49757, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407410680602, "etime": 1727407410680602, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49710, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407412708970, "etime": 1727407412708970, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49712, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407428027843, "etime": 1727407428027843, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49731, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407453989971, "etime": 1727407453989971, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49758, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407427013609, "etime": 1727407427013609, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49730, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407471255685, "etime": 1727407471255685, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49778, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727407467184188, "etime": 1727407467184188, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49773, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407456014412, "etime": 1727407456014412, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49760, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407442270813, "etime": 1727407442270813, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49747, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407458042285, "etime": 1727407458042285, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49762, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407406624706, "etime": 1727407406624706, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49706, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407401554567, "etime": 1727407401554567, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49701, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:43.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:43.109] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24678 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ac4cebeec5695da002e9119df990a006cb176edd5d4f4ca15c961600848449a0&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023234Z"} [2025-12-10 10:33:43.109] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:43.109] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:43.109] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:43.109] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:43.109] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:43.109] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:43.187] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362823187, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645691903184, "etime": 1726645691903184, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49304, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:33:43.188] [INFO] 
[tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:33:43.188] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26332 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl?X-Amz-Date=20251210T023237Z&X-Amz-Signature=892f7e6274dcb7348da30bfe0bd2acdd641ca0a82f69dd960017c202a10c6a01&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:43.188] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:49.392] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl|result:{"code": 0, "total_count": 83, "abnormal_count": 0, "normal_count": 83, "alert_count": 0, "timestamp": 1765362829390, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727331992581334, "etime": 1727331992581334, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51661, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727331961050803, "etime": 1727331961050803, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51628, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332010941085, "etime": 1727332010941085, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51680, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331960034718, "etime": 1727331960034718, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51627, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331997737454, "etime": 1727331997737454, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51667, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332029253278, "etime": 1727332029253278, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51698, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331968769719, "etime": 1727331968769719, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51634, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331975129011, "etime": 1727331975129011, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51642, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331974065836, "etime": 1727331974065836, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51640, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331958003616, "etime": 1727331958003616, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51625, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331992659947, "etime": 1727331992659947, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51662, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332017034156, "etime": 1727332017034156, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
51686, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332018050239, "etime": 1727332018050239, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51687, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332002815817, "etime": 1727332002815817, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51672, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332025190765, "etime": 1727332025190765, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332019065900, "etime": 1727332019065900, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51688, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332016019533, "etime": 1727332016019533, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51685, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331993675260, "etime": 1727331993675260, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51663, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331991565710, "etime": 1727331991565710, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51660, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332024174846, "etime": 1727332024174846, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51693, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332015003505, "etime": 1727332015003505, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51684, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332020113616, "etime": 1727332020113616, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51689, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331995706413, "etime": 1727331995706413, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51665, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332033409560, "etime": 1727332033409560, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51703, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331982331356, "etime": 1727331982331356, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51650, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332004846790, "etime": 1727332004846790, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51674, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331980299679, "etime": 1727331980299679, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51648, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331990550680, "etime": 1727331990550680, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51659, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331988503813, "etime": 1727331988503813, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51657, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332031378800, "etime": 1727332031378800, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51701, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331974122620, "etime": 1727331974122620, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51641, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331966732130, "etime": 1727331966732130, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51632, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332022143805, "etime": 1727332022143805, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51691, "dest_port": 80, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727331987487742, "etime": 1727331987487742, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51656, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332034457597, "etime": 1727332034457597, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51704, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331967737722, "etime": 1727331967737722, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51633, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331970815927, "etime": 1727331970815927, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51636, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331983347398, "etime": 1727331983347398, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51651, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331963081105, "etime": 1727331963081105, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51630, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332030289026, "etime": 1727332030289026, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51699, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331977159605, "etime": 1727331977159605, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51644, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332021129418, "etime": 1727332021129418, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51690, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331981316341, "etime": 1727331981316341, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51649, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331985378668, "etime": 1727331985378668, "src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "src_port": 51653, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332001800682, "etime": 1727332001800682, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51671, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332034465285, "etime": 1727332034465285, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51705, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332005863101, "etime": 1727332005863101, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51675, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332013988493, "etime": 1727332013988493, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51683, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331969784374, "etime": 1727331969784374, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51635, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331971015765, "etime": 1727331971015765, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51637, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331985456124, "etime": 1727331985456124, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51654, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331972034408, "etime": 1727331972034408, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51638, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332026207236, "etime": 1727332026207236, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51695, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331989535922, "etime": 1727331989535922, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51658, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 
1727331999768517, "etime": 1727331999768517, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51669, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332032394183, "etime": 1727332032394183, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51702, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331973050613, "etime": 1727331973050613, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51639, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332003831438, "etime": 1727332003831438, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51673, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332008909561, "etime": 1727332008909561, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51678, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332000784451, "etime": 1727332000784451, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51670, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331980207260, "etime": 1727331980207260, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51647, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331984363102, "etime": 1727331984363102, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51652, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332009925529, "etime": 1727332009925529, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51679, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332011956450, "etime": 1727332011956450, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51681, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331897966728, "etime": 1727331897966728, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
51622, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331986471747, "etime": 1727331986471747, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51655, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332027222036, "etime": 1727332027222036, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331964097387, "etime": 1727331964097387, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51631, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331962065716, "etime": 1727331962065716, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51629, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332030363173, "etime": 1727332030363173, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51700, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331994690738, "etime": 1727331994690738, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51664, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332028238138, "etime": 1727332028238138, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51697, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332007893942, "etime": 1727332007893942, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51677, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331979190920, "etime": 1727331979190920, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51646, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332006878152, "etime": 1727332006878152, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51676, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331978174815, "etime": 1727331978174815, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51645, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331959021269, "etime": 1727331959021269, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51626, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331998754148, "etime": 1727331998754148, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51668, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331996722545, "etime": 1727331996722545, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51666, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332012972388, "etime": 1727332012972388, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51682, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331897986582, "etime": 1727331897986582, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51623, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727331976144009, "etime": 1727331976144009, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51643, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1727332023159923, "etime": 1727332023159923, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51692, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:33:49.392] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:33:49.392] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25086 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023241Z&X-Amz-Expires=604800&X-Amz-Signature=deb7c8e935ee00c92008c6f83b63f2aaddf6886bb757f16fd4cbb7c1d0e1d430&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:33:49.392] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:49.392] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:49.392] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:49.392] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:49.392] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:49.393] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:33:57.699] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl|result:{"code": 1, "total_count": 112, "abnormal_count": 110, "normal_count": 2, "alert_count": 110, "timestamp": 1765362837697, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726231693172523, "etime": 1726231693172523, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49762, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231760005108, "etime": 1726231760005108, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49806, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231655718417, "etime": 1726231655718417, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 
49738, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231657786858, "etime": 1726231657786858, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49740, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231726605634, "etime": 1726231726605634, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49784, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231749372181, "etime": 1726231749372181, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49799, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231747833208, "etime": 1726231747833208, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49798, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231750893867, "etime": 1726231750893867, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49800, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231761532869, "etime": 1726231761532869, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49807, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231652667962, "etime": 1726231652667962, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49736, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726231644013071, "etime": 1726231644013071, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49729, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231660801716, "etime": 1726231660801716, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231687135693, "etime": 1726231687135693, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49758, "dest_port": 443, "protocol": "tls", "result": 
"CobaltStrike"}, {"stime": 1726231763029603, "etime": 1726231763029603, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49808, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231773494017, "etime": 1726231773494017, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49815, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231650627894, "etime": 1726231650627894, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49734, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231645538594, "etime": 1726231645538594, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49730, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231723576388, "etime": 1726231723576388, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49782, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231725075688, "etime": 1726231725075688, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231728118109, "etime": 1726231728118109, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49785, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231744783085, "etime": 1726231744783085, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49796, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231716006844, "etime": 1726231716006844, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49777, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231799309698, "etime": 1726231799309698, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49832, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231768995382, 
"etime": 1726231768995382, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49812, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231803840516, "etime": 1726231803840516, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49835, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231746307629, "etime": 1726231746307629, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49797, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231793216041, "etime": 1726231793216041, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49828, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231669532547, "etime": 1726231669532547, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49749, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231652138598, "etime": 1726231652138598, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49735, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231794713165, "etime": 1726231794713165, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49829, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231706839387, "etime": 1726231706839387, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49771, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231691673353, "etime": 1726231691673353, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231720558087, "etime": 1726231720558087, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49780, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231717531741, "etime": 1726231717531741, "src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49778, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231640948027, "etime": 1726231640948027, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231654196756, "etime": 1726231654196756, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49737, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231709859370, "etime": 1726231709859370, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231690157186, "etime": 1726231690157186, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49760, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231699225427, "etime": 1726231699225427, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49766, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231722060470, "etime": 1726231722060470, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49781, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231647047793, "etime": 1726231647047793, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49731, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231702245505, "etime": 1726231702245505, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49768, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231740237289, "etime": 1726231740237289, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49793, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231755431948, "etime": 1726231755431948, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", 
"src_port": 49803, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231771983853, "etime": 1726231771983853, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49814, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231737201558, "etime": 1726231737201558, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49791, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231775020280, "etime": 1726231775020280, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49816, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231674624984, "etime": 1726231674624984, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49753, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231743241838, "etime": 1726231743241838, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49795, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231776544594, "etime": 1726231776544594, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49817, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231659301469, "etime": 1726231659301469, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49741, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231729615407, "etime": 1726231729615407, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49786, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231779502671, "etime": 1726231779502671, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49819, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231787142400, "etime": 1726231787142400, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49824, "dest_port": 443, "protocol": 
"tls", "result": "CobaltStrike"}, {"stime": 1726231805335157, "etime": 1726231805335157, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49836, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231780995512, "etime": 1726231780995512, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49820, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231694686477, "etime": 1726231694686477, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49763, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231672554380, "etime": 1726231672554380, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49751, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231684114948, "etime": 1726231684114948, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49756, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726231758476575, "etime": 1726231758476575, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49805, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231673121055, "etime": 1726231673121055, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49752, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1726231664421167, "etime": 1726231664421167, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49745, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231766004939, "etime": 1726231766004939, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49810, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231734150353, "etime": 1726231734150353, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49789, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 
1726231770504976, "etime": 1726231770504976, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49813, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231785640091, "etime": 1726231785640091, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49823, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231667445299, "etime": 1726231667445299, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49747, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231714481527, "etime": 1726231714481527, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49776, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231790158144, "etime": 1726231790158144, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49826, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231642487713, "etime": 1726231642487713, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49728, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231764525992, "etime": 1726231764525992, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49809, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231719039234, "etime": 1726231719039234, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49779, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231732638764, "etime": 1726231732638764, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231662315257, "etime": 1726231662315257, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49743, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231580326222, "etime": 1726231580326222, 
"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49724, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231696215185, "etime": 1726231696215185, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49764, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231657239403, "etime": 1726231657239403, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49739, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231697728051, "etime": 1726231697728051, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49765, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231731126949, "etime": 1726231731126949, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49787, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231668025766, "etime": 1726231668025766, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49748, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1726231705344615, "etime": 1726231705344615, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49770, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231649102389, "etime": 1726231649102389, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49733, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231665934675, "etime": 1726231665934675, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49746, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231735675701, "etime": 1726231735675701, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231784105387, "etime": 1726231784105387, "src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.38", "src_port": 49822, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231711368697, "etime": 1726231711368697, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49774, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231800835344, "etime": 1726231800835344, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49833, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231700718895, "etime": 1726231700718895, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49767, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231703772945, "etime": 1726231703772945, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49769, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231753915619, "etime": 1726231753915619, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231738728258, "etime": 1726231738728258, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49792, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231791672957, "etime": 1726231791672957, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49827, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231708349304, "etime": 1726231708349304, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49772, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231782520464, "etime": 1726231782520464, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49821, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231778007409, "etime": 1726231778007409, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49818, "dest_port": 
443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231797798895, "etime": 1726231797798895, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49831, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231805825765, "etime": 1726231805825765, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49837, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231802346621, "etime": 1726231802346621, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49834, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231676119696, "etime": 1726231676119696, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49754, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231677628999, "etime": 1726231677628999, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49755, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231767500091, "etime": 1726231767500091, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231788643796, "etime": 1726231788643796, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49825, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231796271476, "etime": 1726231796271476, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231712959787, "etime": 1726231712959787, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49775, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231752413913, "etime": 1726231752413913, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": 
"CobaltStrike"}, {"stime": 1726231647605544, "etime": 1726231647605544, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49732, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231662933840, "etime": 1726231662933840, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49744, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231688657260, "etime": 1726231688657260, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49759, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231756962555, "etime": 1726231756962555, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49804, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231671059155, "etime": 1726231671059155, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49750, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231685629316, "etime": 1726231685629316, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49757, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1726231741747531, "etime": 1726231741747531, "src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "src_port": 49794, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 110|max_alert: 1000 [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:33:57.699] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25087 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=c95a279c305b2c476e2acd56fecc68a3745bd39488b62cfdad7eade8957d68cb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023243Z"} [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:33:57.699] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:04.221] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl|result:{"code": 0, "total_count": 85, "abnormal_count": 0, "normal_count": 85, "alert_count": 0, "timestamp": 1765362844219, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727332655846737, "etime": 1727332655846737, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51934, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332706940934, "etime": 1727332706940934, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51986, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332690597109, "etime": 1727332690597109, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51969, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332714113274, "etime": 1727332714113274, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51994, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332674347096, "etime": 1727332674347096, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51953, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332713097564, "etime": 1727332713097564, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51993, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332656862253, "etime": 1727332656862253, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51935, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332722331427, "etime": 1727332722331427, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52003, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332720206899, "etime": 1727332720206899, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52000, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332693644301, "etime": 1727332693644301, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51972, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332712079430, "etime": 1727332712079430, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51992, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332686535165, "etime": 1727332686535165, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51965, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332660925874, "etime": 1727332660925874, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51939, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332700753360, "etime": 1727332700753360, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51979, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332668254079, "etime": 1727332668254079, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51947, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332692628381, "etime": 1727332692628381, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51971, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332697706142, "etime": 1727332697706142, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51976, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332725378779, "etime": 1727332725378779, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52006, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332661940950, "etime": 1727332661940950, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51940, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332704914117, "etime": 1727332704914117, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51984, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332725387220, "etime": 1727332725387220, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52007, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332676378900, "etime": 1727332676378900, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51955, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332683488210, "etime": 1727332683488210, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51962, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332719191268, "etime": 1727332719191268, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51999, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332721222957, "etime": 1727332721222957, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52001, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332667237723, "etime": 1727332667237723, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51946, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332716143916, "etime": 1727332716143916, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51996, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332703902553, "etime": 1727332703902553, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51983, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332673331280, "etime": 1727332673331280, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51952, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332663972300, "etime": 1727332663972300, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51942, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332675363252, "etime": 1727332675363252, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51954, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332684503862, "etime": 1727332684503862, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51963, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332696691371, "etime": 1727332696691371, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51975, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332707956133, "etime": 1727332707956133, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51987, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332708971787, "etime": 1727332708971787, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51988, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332712019248, "etime": 1727332712019248, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51991, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332721323466, "etime": 1727332721323466, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52002, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332650769532, "etime": 1727332650769532, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51929, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332681456347, "etime": 1727332681456347, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51960, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332664188410, "etime": 1727332664188410, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51943, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332679425642, "etime": 1727332679425642, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51958, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332647081295, "etime": 1727332647081295, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51927, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332678410113, "etime": 1727332678410113, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51957, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332705927435, "etime": 1727332705927435, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51985, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332669268878, "etime": 1727332669268878, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51948, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332585036675, "etime": 1727332585036675, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51924, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332680441543, "etime": 1727332680441543, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51959, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332699738447, "etime": 1727332699738447, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51978, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332659910876, "etime": 1727332659910876, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51938, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332646066900, "etime": 1727332646066900, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51926, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332689581528, "etime": 1727332689581528, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51968, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332701796645, "etime": 1727332701796645, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51980, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332672315935, "etime": 1727332672315935, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51951, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332687549896, "etime": 1727332687549896, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51966, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332702815510, "etime": 1727332702815510, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51981, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332703831943, "etime": 1727332703831943, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51982, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332670285277, "etime": 1727332670285277, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51949, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332677394352, "etime": 1727332677394352, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51956, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332709988052, "etime": 1727332709988052, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51989, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332671300331, "etime": 1727332671300331, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51950, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332585013053, "etime": 1727332585013053, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51923, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332662956469, "etime": 1727332662956469, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51941, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332694661565, "etime": 1727332694661565, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51973, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332715128500, "etime": 1727332715128500, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51995, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332717160579, "etime": 1727332717160579, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51997, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332723346954, "etime": 1727332723346954, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52004, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332657879215, "etime": 1727332657879215, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51936, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332666222064, "etime": 1727332666222064, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51945, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332691613211, "etime": 1727332691613211, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51970, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332718175250, "etime": 1727332718175250, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51998, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332649754427, "etime": 1727332649754427, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51928, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332645050309, "etime": 1727332645050309, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51925, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332653816898, "etime": 1727332653816898, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51932, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332688565732, "etime": 1727332688565732, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51967, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332711003526, "etime": 1727332711003526, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51990, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332658893791, "etime": 1727332658893791, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51937, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332685519383, "etime": 1727332685519383, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51964, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332652800380, "etime": 1727332652800380, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51931, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332651784565, "etime": 1727332651784565, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51930, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332654831557, "etime": 1727332654831557, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51933, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332695675142, "etime": 1727332695675142, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51974, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332698722382, "etime": 1727332698722382, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51977, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332682472609, "etime": 1727332682472609, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51961, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332724362912, "etime": 1727332724362912, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52005, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332665206805, "etime": 1727332665206805, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51944, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:04.221] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:04.221] [DEBUG] 
[tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26333 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T023247Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=40c624e4dac057cf3b4dcaca88ee8588bcf2fb6adaa037248a8a9d382f3d6aab"} [2025-12-10 10:34:04.221] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:04.221] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:04.221] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:04.221] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:04.221] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:04.221] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:09.794] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl|result:{"code": 0, "total_count": 74, "abnormal_count": 0, "normal_count": 74, "alert_count": 0, "timestamp": 1765362849792, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727402173447234, "etime": 1727402173447234, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50622, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402182728268, "etime": 1727402182728268, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50634, "dest_port": 8070, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727402224650236, "etime": 1727402224650236, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50683, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402187990710, "etime": 1727402187990710, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50641, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402199400284, "etime": 1727402199400284, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50655, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402205587694, "etime": 1727402205587694, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50663, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402221611352, "etime": 1727402221611352, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50680, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402180697381, "etime": 1727402180697381, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50632, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402185900845, "etime": 1727402185900845, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50638, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402217493875, "etime": 1727402217493875, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50675, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402194181263, "etime": 1727402194181263, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50649, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402178587951, "etime": 1727402178587951, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50628, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402206604059, "etime": 1727402206604059, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50664, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402223634674, "etime": 1727402223634674, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50682, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402203557447, "etime": 1727402203557447, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50661, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402184891482, "etime": 1727402184891482, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50637, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402200417879, "etime": 1727402200417879, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50656, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402226735960, "etime": 1727402226735960, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50686, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402183743991, "etime": 1727402183743991, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50635, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402178632013, "etime": 1727402178632013, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50629, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402213384735, "etime": 1727402213384735, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50670, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402179687435, "etime": 1727402179687435, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50631, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402229782182, "etime": 1727402229782182, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50690, "dest_port": 8070, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727402202494851, "etime": 1727402202494851, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50659, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402213440720, "etime": 1727402213440720, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50671, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402181714715, "etime": 1727402181714715, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50633, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402203509688, "etime": 1727402203509688, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50660, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402190069814, "etime": 1727402190069814, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50644, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402174478453, "etime": 1727402174478453, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50623, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402177574518, "etime": 1727402177574518, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50627, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402172437464, "etime": 1727402172437464, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50621, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402198244206, "etime": 1727402198244206, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50653, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402197228858, "etime": 1727402197228858, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50652, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402212369059, "etime": 1727402212369059, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50669, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402215463014, "etime": 1727402215463014, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50673, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402200469733, "etime": 1727402200469733, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50657, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402189010165, "etime": 1727402189010165, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50642, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402201479057, "etime": 1727402201479057, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50658, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402214447220, "etime": 1727402214447220, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50672, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402187947398, "etime": 1727402187947398, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50640, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402190025181, "etime": 1727402190025181, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50643, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402186931865, "etime": 1727402186931865, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50639, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402191089125, "etime": 1727402191089125, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50645, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402198389630, "etime": 1727402198389630, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50654, "dest_port": 8070, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727402169634602, "etime": 1727402169634602, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50620, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402204571968, "etime": 1727402204571968, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50662, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402168619618, "etime": 1727402168619618, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50619, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402210285514, "etime": 1727402210285514, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50666, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402184760084, "etime": 1727402184760084, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50636, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402193170892, "etime": 1727402193170892, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50648, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402195197815, "etime": 1727402195197815, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50650, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402211354094, "etime": 1727402211354094, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50668, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402225665878, "etime": 1727402225665878, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50684, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402227744401, "etime": 1727402227744401, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50687, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402207619133, "etime": 1727402207619133, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50665, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402220541114, "etime": 1727402220541114, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50678, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402229775774, "etime": 1727402229775774, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50689, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402222619412, "etime": 1727402222619412, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50681, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402192103210, "etime": 1727402192103210, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50646, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402175494518, "etime": 1727402175494518, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50624, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402228760174, "etime": 1727402228760174, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50688, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402219525436, "etime": 1727402219525436, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50677, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402193119924, "etime": 1727402193119924, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50647, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402211291133, "etime": 1727402211291133, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50667, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402221556314, "etime": 1727402221556314, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50679, "dest_port": 8070, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727402176556609, "etime": 1727402176556609, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50626, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402226681537, "etime": 1727402226681537, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50685, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402216478525, "etime": 1727402216478525, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50674, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402179650587, "etime": 1727402179650587, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50630, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402108612694, "etime": 1727402108612694, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50618, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402218509719, "etime": 1727402218509719, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50676, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402196212955, "etime": 1727402196212955, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50651, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402108595969, "etime": 1727402108595969, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50617, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402175549773, "etime": 1727402175549773, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50625, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:09.794] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:09.794] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 
24679 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5a352ea0983e337c127f9d1ff71a97e5f814fb68e2159fe37f9c74b33faa00f0&X-Amz-Date=20251210T023250Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:34:09.794] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:09.794] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:09.794] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:09.794] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:09.794] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:09.794] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:16.438] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl|result:{"code": 0, "total_count": 88, "abnormal_count": 0, "normal_count": 88, "alert_count": 0, "timestamp": 1765362856436, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727339772381014, "etime": 1727339772381014, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54039, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339821209935, "etime": 1727339821209935, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54089, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339822224467, "etime": 1727339822224467, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54090, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339751005563, "etime": 1727339751005563, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54017, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339788630977, "etime": 1727339788630977, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54055, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339817099737, "etime": 1727339817099737, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54084, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339764209200, "etime": 1727339764209200, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54030, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339805896407, "etime": 1727339805896407, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54072, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339744099893, "etime": 1727339744099893, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54012, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339678992679, "etime": 1727339678992679, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54005, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339771365356, "etime": 1727339771365356, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54038, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339815068130, "etime": 1727339815068130, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54082, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339807927766, "etime": 1727339807927766, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54074, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727339769334110, "etime": 1727339769334110, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54036, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339818161875, "etime": 1727339818161875, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54086, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339781521273, "etime": 1727339781521273, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54048, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339813006288, "etime": 1727339813006288, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54079, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339741052391, "etime": 1727339741052391, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54009, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339809958761, "etime": 1727339809958761, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54076, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339743083622, "etime": 1727339743083622, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54011, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339752021549, "etime": 1727339752021549, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54018, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339773396590, "etime": 1727339773396590, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54040, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339749990511, "etime": 1727339749990511, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54016, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339784568346, "etime": 1727339784568346, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54051, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339797771386, "etime": 1727339797771386, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54064, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339782537476, "etime": 1727339782537476, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54049, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339760146480, "etime": 1727339760146480, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54026, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339798786867, "etime": 1727339798786867, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54065, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339755068436, "etime": 1727339755068436, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54021, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339800818515, "etime": 1727339800818515, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54067, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339806912625, "etime": 1727339806912625, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54073, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339768271331, "etime": 1727339768271331, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54034, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339791677788, "etime": 1727339791677788, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54058, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339820193330, "etime": 1727339820193330, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54088, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727339767255730, "etime": 1727339767255730, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54033, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339769287811, "etime": 1727339769287811, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54035, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339757099736, "etime": 1727339757099736, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54023, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339758114947, "etime": 1727339758114947, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54024, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339776443268, "etime": 1727339776443268, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54043, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339783552869, "etime": 1727339783552869, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54050, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339823240456, "etime": 1727339823240456, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54091, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339804881190, "etime": 1727339804881190, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54071, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339785584324, "etime": 1727339785584324, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54052, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339814022366, "etime": 1727339814022366, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54080, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339793708718, "etime": 1727339793708718, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54060, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339740036959, "etime": 1727339740036959, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54008, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339777458651, "etime": 1727339777458651, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54044, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339817150111, "etime": 1727339817150111, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54085, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339766240198, "etime": 1727339766240198, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54032, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339739021439, "etime": 1727339739021439, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54007, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339774412235, "etime": 1727339774412235, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54041, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339796756017, "etime": 1727339796756017, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54063, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339810974350, "etime": 1727339810974350, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54077, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339765224339, "etime": 1727339765224339, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54031, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339762177532, "etime": 1727339762177532, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54028, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727339763193395, "etime": 1727339763193395, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54029, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339795740456, "etime": 1727339795740456, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54062, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339786599392, "etime": 1727339786599392, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54053, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339811990221, "etime": 1727339811990221, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54078, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339679005291, "etime": 1727339679005291, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54006, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339787615401, "etime": 1727339787615401, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54054, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339789646510, "etime": 1727339789646510, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54056, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339792693397, "etime": 1727339792693397, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54059, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339801833902, "etime": 1727339801833902, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54068, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339819177549, "etime": 1727339819177549, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54087, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339808943370, "etime": 1727339808943370, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54075, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339742068169, "etime": 1727339742068169, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54010, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339770349826, "etime": 1727339770349826, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54037, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339746130730, "etime": 1727339746130730, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54014, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339761162238, "etime": 1727339761162238, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54027, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339790661957, "etime": 1727339790661957, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54057, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339759131482, "etime": 1727339759131482, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54025, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339756084045, "etime": 1727339756084045, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54022, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339802849737, "etime": 1727339802849737, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54069, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339803865227, "etime": 1727339803865227, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54070, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339823243592, "etime": 1727339823243592, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54092, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727339754052448, "etime": 1727339754052448, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54020, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339816084178, "etime": 1727339816084178, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54083, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339753036978, "etime": 1727339753036978, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54019, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339780506292, "etime": 1727339780506292, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54047, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339794725016, "etime": 1727339794725016, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54061, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339745114784, "etime": 1727339745114784, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54013, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339779490220, "etime": 1727339779490220, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54046, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339775427800, "etime": 1727339775427800, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54042, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339748983606, "etime": 1727339748983606, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54015, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339778474723, "etime": 1727339778474723, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54045, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339799804524, "etime": 1727339799804524, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "src_port": 54066, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727339814053498, "etime": 1727339814053498, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54081, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:16.438] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:16.439] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24680 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b856aaca7752f9be166534a71f88399aef252548399349eab10eafc1615abbd1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023253Z"} [2025-12-10 10:34:16.439] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:16.439] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:16.439] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:16.439] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:16.439] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:16.439] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:21.693] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl|result:{"code": 0, "total_count": 71, "abnormal_count": 0, "normal_count": 71, "alert_count": 0, "timestamp": 1765362861691, "module": 
"anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727400338038050, "etime": 1727400338038050, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50069, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400340068499, "etime": 1727400340068499, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50071, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400387757628, "etime": 1727400387757628, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50121, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400392912237, "etime": 1727400392912237, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50128, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400346271606, "etime": 1727400346271606, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50079, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400351381297, "etime": 1727400351381297, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50084, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400347289217, "etime": 1727400347289217, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50080, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400361318471, "etime": 1727400361318471, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50092, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400339053022, "etime": 1727400339053022, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50070, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400383568600, "etime": 1727400383568600, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50116, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400278022497, "etime": 
1727400278022497, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50068, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400386740733, "etime": 1727400386740733, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50120, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400390850253, "etime": 1727400390850253, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50125, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400393928388, "etime": 1727400393928388, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50129, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400394943836, "etime": 1727400394943836, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50130, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400342149009, "etime": 1727400342149009, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50074, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400343162391, "etime": 1727400343162391, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50075, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400371251046, "etime": 1727400371251046, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50102, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400350349687, "etime": 1727400350349687, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50083, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400355209239, "etime": 1727400355209239, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50086, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400378382769, "etime": 1727400378382769, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50109, 
"dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400385724252, "etime": 1727400385724252, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50119, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400369178349, "etime": 1727400369178349, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50099, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400400090542, "etime": 1727400400090542, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50137, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400348303318, "etime": 1727400348303318, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50081, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400345264933, "etime": 1727400345264933, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50078, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400400086189, "etime": 1727400400086189, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50136, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400388811610, "etime": 1727400388811610, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50123, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400377349560, "etime": 1727400377349560, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50108, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400370196011, "etime": 1727400370196011, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50100, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400376335463, "etime": 1727400376335463, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50107, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400384584493, "etime": 
1727400384584493, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50117, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400374289270, "etime": 1727400374289270, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50105, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400344194672, "etime": 1727400344194672, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50076, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400396017396, "etime": 1727400396017396, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50132, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400341131003, "etime": 1727400341131003, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50073, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400359271969, "etime": 1727400359271969, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50090, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400358257825, "etime": 1727400358257825, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50089, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400389819064, "etime": 1727400389819064, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50124, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400390893698, "etime": 1727400390893698, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50126, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400398039702, "etime": 1727400398039702, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50134, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400356225232, "etime": 1727400356225232, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50087, 
"dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400397021534, "etime": 1727400397021534, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50133, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400278009356, "etime": 1727400278009356, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50067, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400354191838, "etime": 1727400354191838, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50085, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400368171588, "etime": 1727400368171588, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50098, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400381491011, "etime": 1727400381491011, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50113, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400372256510, "etime": 1727400372256510, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50103, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400340125152, "etime": 1727400340125152, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50072, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400381538288, "etime": 1727400381538288, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50114, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400388771668, "etime": 1727400388771668, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50122, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400382553250, "etime": 1727400382553250, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50115, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400378431086, "etime": 
1727400378431086, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50110, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400363964866, "etime": 1727400363964866, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50093, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400399052796, "etime": 1727400399052796, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50135, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400364974688, "etime": 1727400364974688, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50094, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400360303537, "etime": 1727400360303537, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50091, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400367021924, "etime": 1727400367021924, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50096, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400395959300, "etime": 1727400395959300, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50131, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400345209146, "etime": 1727400345209146, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50077, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400357240469, "etime": 1727400357240469, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50088, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400379444334, "etime": 1727400379444334, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50111, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400380474890, "etime": 1727400380474890, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50112, 
"dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400368039538, "etime": 1727400368039538, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50097, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400391896572, "etime": 1727400391896572, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50127, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400373271874, "etime": 1727400373271874, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50104, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400385600593, "etime": 1727400385600593, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50118, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400375303333, "etime": 1727400375303333, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50106, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400366007192, "etime": 1727400366007192, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50095, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400349334947, "etime": 1727400349334947, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50082, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400371209208, "etime": 1727400371209208, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50101, "dest_port": 8900, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:21.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:21.693] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24681 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=eeb72e447e7b0bd3c7b519058aa87c3f2f8929ca9aef243180fa4f8509c0a0ed&X-Amz-Date=20251210T023256Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:34:21.693] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:21.693] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:27.172] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl|result:{"code": 0, "total_count": 72, "abnormal_count": 0, "normal_count": 72, "alert_count": 0, "timestamp": 1765362867170, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727402583432300, "etime": 1727402583432300, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50753, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402536151541, "etime": 1727402536151541, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50697, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402552406943, "etime": 1727402552406943, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", 
"src_port": 50715, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402573104193, "etime": 1727402573104193, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50742, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402536298537, "etime": 1727402536298537, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50698, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402559738502, "etime": 1727402559738502, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50725, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402569004428, "etime": 1727402569004428, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50737, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402545541625, "etime": 1727402545541625, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50710, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402584494568, "etime": 1727402584494568, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50755, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402589651033, "etime": 1727402589651033, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50761, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402544479447, "etime": 1727402544479447, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50708, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402546557312, "etime": 1727402546557312, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50711, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402570010494, "etime": 1727402570010494, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50738, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 
1727402575135679, "etime": 1727402575135679, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50744, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402549604057, "etime": 1727402549604057, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50714, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402473031146, "etime": 1727402473031146, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50692, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402542416324, "etime": 1727402542416324, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50705, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402565854667, "etime": 1727402565854667, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50732, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402586541708, "etime": 1727402586541708, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50757, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402554525123, "etime": 1727402554525123, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50719, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402587620473, "etime": 1727402587620473, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50759, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402539338355, "etime": 1727402539338355, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50701, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402537307280, "etime": 1727402537307280, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50699, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402473015962, "etime": 1727402473015962, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50691, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402548589057, "etime": 1727402548589057, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50713, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402533104660, "etime": 1727402533104660, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50694, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402586612128, "etime": 1727402586612128, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50758, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402574120210, "etime": 1727402574120210, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50743, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402578313602, "etime": 1727402578313602, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50748, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402564838635, "etime": 1727402564838635, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50731, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402567947745, "etime": 1727402567947745, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50735, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402561760503, "etime": 1727402561760503, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50727, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402572088866, "etime": 1727402572088866, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50741, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402582402073, "etime": 1727402582402073, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50752, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727402581369762, "etime": 1727402581369762, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50751, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402588637858, "etime": 1727402588637858, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50760, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402533042051, "etime": 1727402533042051, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50693, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402561797828, "etime": 1727402561797828, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50728, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402566926778, "etime": 1727402566926778, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50734, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402538324756, "etime": 1727402538324756, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50700, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402541402731, "etime": 1727402541402731, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50704, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402563823241, "etime": 1727402563823241, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50730, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402568963961, "etime": 1727402568963961, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50736, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402554479517, "etime": 1727402554479517, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50718, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402557572990, "etime": 1727402557572990, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50722, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402558589152, "etime": 1727402558589152, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50723, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402578182727, "etime": 1727402578182727, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50747, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402580356238, "etime": 1727402580356238, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50750, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402589667921, "etime": 1727402589667921, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50762, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402576150822, "etime": 1727402576150822, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50745, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402555541407, "etime": 1727402555541407, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50720, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402544527518, "etime": 1727402544527518, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50709, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402571081997, "etime": 1727402571081997, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50740, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402553465366, "etime": 1727402553465366, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50717, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402577166993, "etime": 1727402577166993, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50746, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727402540385340, "etime": 1727402540385340, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50703, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402560744615, "etime": 1727402560744615, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50726, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402556557774, "etime": 1727402556557774, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50721, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402539380504, "etime": 1727402539380504, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50702, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402542458930, "etime": 1727402542458930, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50706, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402547572917, "etime": 1727402547572917, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50712, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402571026431, "etime": 1727402571026431, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50739, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402543463756, "etime": 1727402543463756, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50707, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402579338859, "etime": 1727402579338859, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50749, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402534120451, "etime": 1727402534120451, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50695, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402583482788, "etime": 1727402583482788, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50754, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402553416684, "etime": 1727402553416684, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50716, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402535137162, "etime": 1727402535137162, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50696, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402562807508, "etime": 1727402562807508, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50729, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402566869723, "etime": 1727402566869723, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50733, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402585526232, "etime": 1727402585526232, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50756, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402559604142, "etime": 1727402559604142, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50724, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:27.172] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:27.172] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24682 key: NULL payload: 
{"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023259Z&X-Amz-Expires=604800&X-Amz-Signature=323d3676ca9075e652b5c9b942a03d309c000aa3979c52ab77262eb4fced13b5"} [2025-12-10 10:34:27.172] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:27.172] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:27.172] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:27.172] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:27.172] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:27.172] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:27.251] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362867251, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726643552226862, "etime": 1726643552226862, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "src_port": 49296, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:34:27.251] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25088 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023302Z&X-Amz-Expires=604800&X-Amz-Signature=c595589b3b17a1069b7fd4afed114acb33ad181c3c174bdd5a8f63a5864ef01a"} [2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:27.251] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:27.252] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:27.330] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362867329, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726643552226862, "etime": 1726643552226862, "src_ip": "192.168.88.30", 
"dest_ip": "192.168.88.24", "src_port": 49296, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:34:27.330] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26334 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023305Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4589761a0687491e6001ab364def50100a9cd8ff27b53c84f950109eb5dff324"} [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:27.330] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:32.366] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl|result:{"code": 0, "total_count": 67, "abnormal_count": 0, "normal_count": 67, "alert_count": 0, 
"timestamp": 1765362872365, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727402714307533, "etime": 1727402714307533, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50780, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402736619856, "etime": 1727402736619856, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50803, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402743854711, "etime": 1727402743854711, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50811, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402720542146, "etime": 1727402720542146, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50787, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402760481533, "etime": 1727402760481533, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50827, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402703950040, "etime": 1727402703950040, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50766, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402759463890, "etime": 1727402759463890, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50826, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402725357905, "etime": 1727402725357905, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50790, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402737638106, "etime": 1727402737638106, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50804, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402758401558, "etime": 1727402758401558, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50824, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727402708103603, "etime": 1727402708103603, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50772, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402715323410, "etime": 1727402715323410, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50781, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402748588623, "etime": 1727402748588623, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50815, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402749604444, "etime": 1727402749604444, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50816, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402713290619, "etime": 1727402713290619, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50779, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402747585594, "etime": 1727402747585594, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50814, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402758455170, "etime": 1727402758455170, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50825, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402742839052, "etime": 1727402742839052, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50810, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402722573439, "etime": 1727402722573439, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50789, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402746519125, "etime": 1727402746519125, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50812, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402705004952, "etime": 1727402705004952, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50768, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402718510976, "etime": 1727402718510976, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50785, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402735558179, "etime": 1727402735558179, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50801, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402717494498, "etime": 1727402717494498, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50784, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402728402053, "etime": 1727402728402053, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50793, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402710135939, "etime": 1727402710135939, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50774, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402728452329, "etime": 1727402728452329, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50794, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402730479383, "etime": 1727402730479383, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50796, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402643873517, "etime": 1727402643873517, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50763, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402706010395, "etime": 1727402706010395, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50769, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402704963757, "etime": 1727402704963757, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50767, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727402707027360, "etime": 1727402707027360, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50770, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402747526366, "etime": 1727402747526366, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50813, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402752698487, "etime": 1727402752698487, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50820, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402751683172, "etime": 1727402751683172, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50819, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402731495613, "etime": 1727402731495613, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50797, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402732510526, "etime": 1727402732510526, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50798, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402712237560, "etime": 1727402712237560, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50777, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402716338949, "etime": 1727402716338949, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50782, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402757388958, "etime": 1727402757388958, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50823, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402733526233, "etime": 1727402733526233, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50799, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402708042174, "etime": 1727402708042174, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50771, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402740807927, "etime": 1727402740807927, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50808, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402738651529, "etime": 1727402738651529, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50805, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402739792438, "etime": 1727402739792438, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50807, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402643889802, "etime": 1727402643889802, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50764, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402712167656, "etime": 1727402712167656, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50776, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402719526579, "etime": 1727402719526579, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50786, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402734542825, "etime": 1727402734542825, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50800, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402761495639, "etime": 1727402761495639, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50828, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402729464158, "etime": 1727402729464158, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50795, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402727385887, "etime": 1727402727385887, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50792, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727402761500086, "etime": 1727402761500086, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50829, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402741823424, "etime": 1727402741823424, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50809, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402750620405, "etime": 1727402750620405, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50817, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402726370049, "etime": 1727402726370049, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50791, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402753713951, "etime": 1727402753713951, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50821, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402721557668, "etime": 1727402721557668, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50788, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402738784352, "etime": 1727402738784352, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50806, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402703901421, "etime": 1727402703901421, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50765, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402750663392, "etime": 1727402750663392, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50818, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402754729835, "etime": 1727402754729835, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50822, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402711151528, "etime": 1727402711151528, "src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "src_port": 50775, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402735610327, "etime": 1727402735610327, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50802, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402709119928, "etime": 1727402709119928, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50773, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402713245420, "etime": 1727402713245420, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50778, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727402717354640, "etime": 1727402717354640, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50783, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:32.366] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:32.366] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24683 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl?X-Amz-Date=20251210T023308Z&X-Amz-Expires=604800&X-Amz-Signature=436715f58400008db0a9ccd6bb107e9b69f702f96061ba3fca32ccc617659f29&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:34:32.366] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:32.366] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:32.366] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 
10:34:32.366] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:32.366] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:32.367] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:37.756] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl|result:{"code": 0, "total_count": 72, "abnormal_count": 0, "normal_count": 72, "alert_count": 0, "timestamp": 1765362877754, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727407180784708, "etime": 1727407180784708, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49661, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407192004525, "etime": 1727407192004525, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49675, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407090650853, "etime": 1727407090650853, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49627, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407152726054, "etime": 1727407152726054, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49631, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407154746637, "etime": 1727407154746637, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49633, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407167023391, "etime": 1727407167023391, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49648, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407195041142, "etime": 1727407195041142, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49679, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 
1727407184854477, "etime": 1727407184854477, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49666, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407159911343, "etime": 1727407159911343, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49640, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407151673161, "etime": 1727407151673161, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49629, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407194040809, "etime": 1727407194040809, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49678, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407198083282, "etime": 1727407198083282, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49682, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407203683663, "etime": 1727407203683663, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49685, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407204697634, "etime": 1727407204697634, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49686, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407212856905, "etime": 1727407212856905, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49696, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407212862872, "etime": 1727407212862872, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49697, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407178739276, "etime": 1727407178739276, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49658, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407194027942, "etime": 1727407194027942, "src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "src_port": 49677, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407191983951, "etime": 1727407191983951, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49674, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407181796918, "etime": 1727407181796918, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49662, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407183824734, "etime": 1727407183824734, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49664, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407196055616, "etime": 1727407196055616, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49680, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407186882598, "etime": 1727407186882598, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49668, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407175685837, "etime": 1727407175685837, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49654, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407155760881, "etime": 1727407155760881, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49634, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407171079776, "etime": 1727407171079776, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49652, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407207755248, "etime": 1727407207755248, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49690, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407159894226, "etime": 1727407159894226, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49639, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727407189956036, "etime": 1727407189956036, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49672, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407190970033, "etime": 1727407190970033, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49673, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407172093930, "etime": 1727407172093930, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49653, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407170065859, "etime": 1727407170065859, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49651, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407156790188, "etime": 1727407156790188, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49635, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407162967913, "etime": 1727407162967913, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49644, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407185868517, "etime": 1727407185868517, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49667, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407179753572, "etime": 1727407179753572, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49659, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407179765529, "etime": 1727407179765529, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49660, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407209815132, "etime": 1727407209815132, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49693, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407153732994, "etime": 1727407153732994, "src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "src_port": 49632, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407187896480, "etime": 1727407187896480, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49669, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407211842743, "etime": 1727407211842743, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49695, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407160924766, "etime": 1727407160924766, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49641, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407161937970, "etime": 1727407161937970, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49642, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407164996026, "etime": 1727407164996026, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49646, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407176695862, "etime": 1727407176695862, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49655, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407188941393, "etime": 1727407188941393, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49671, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407168037906, "etime": 1727407168037906, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49649, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407210828919, "etime": 1727407210828919, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49694, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407208770807, "etime": 1727407208770807, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49691, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727407208803397, "etime": 1727407208803397, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49692, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407182810685, "etime": 1727407182810685, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49663, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407090630446, "etime": 1727407090630446, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49626, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407157804031, "etime": 1727407157804031, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49636, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407205727245, "etime": 1727407205727245, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49688, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407161952339, "etime": 1727407161952339, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49643, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407152687490, "etime": 1727407152687490, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49630, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407187936964, "etime": 1727407187936964, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49670, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407202670148, "etime": 1727407202670148, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49684, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407177725513, "etime": 1727407177725513, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49657, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407166010106, "etime": 1727407166010106, "src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "src_port": 49647, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407206741668, "etime": 1727407206741668, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49689, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407176722908, "etime": 1727407176722908, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49656, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407169051788, "etime": 1727407169051788, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49650, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407183848750, "etime": 1727407183848750, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49665, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407204715230, "etime": 1727407204715230, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49687, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407150659310, "etime": 1727407150659310, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49628, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407197069447, "etime": 1727407197069447, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49681, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407157865206, "etime": 1727407157865206, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49637, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407158881123, "etime": 1727407158881123, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49638, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407193013219, "etime": 1727407193013219, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49676, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, 
{"stime": 1727407163981700, "etime": 1727407163981700, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49645, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727407201658106, "etime": 1727407201658106, "src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "src_port": 49683, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:37.756] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:37.756] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25089 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=d7ac03534963b217c424ea7dfd2f7bb08a3647a7690d15b2aa3a9a4f22aa74a3&X-Amz-Expires=604800&X-Amz-Date=20251210T023312Z"} [2025-12-10 10:34:37.756] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:37.756] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:37.756] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:37.756] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:37.756] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:37.756] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:43.265] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl|result:{"code": 0, "total_count": 73, 
"abnormal_count": 0, "normal_count": 73, "alert_count": 0, "timestamp": 1765362883263, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727400192679455, "etime": 1727400192679455, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50036, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400171037514, "etime": 1727400171037514, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50012, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400168958840, "etime": 1727400168958840, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50009, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400163884295, "etime": 1727400163884295, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50004, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400157733206, "etime": 1727400157733206, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49997, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400173068318, "etime": 1727400173068318, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50014, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400164896344, "etime": 1727400164896344, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50005, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400213880688, "etime": 1727400213880688, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50059, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400162818369, "etime": 1727400162818369, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50002, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400176240243, "etime": 1727400176240243, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50018, 
"dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400211849781, "etime": 1727400211849781, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50057, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400210844826, "etime": 1727400210844826, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50056, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400219043205, "etime": 1727400219043205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50066, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400179349999, "etime": 1727400179349999, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50022, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400207740287, "etime": 1727400207740287, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50052, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400200427377, "etime": 1727400200427377, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50042, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400215976022, "etime": 1727400215976022, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50062, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400165912152, "etime": 1727400165912152, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50006, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400178286690, "etime": 1727400178286690, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50020, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400200555393, "etime": 1727400200555393, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50043, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400183458709, "etime": 
1727400183458709, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50027, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400185505803, "etime": 1727400185505803, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50029, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400204661758, "etime": 1727400204661758, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50048, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400189599786, "etime": 1727400189599786, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50033, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400158740138, "etime": 1727400158740138, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49998, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400169013514, "etime": 1727400169013514, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50010, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400209771314, "etime": 1727400209771314, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50054, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400177272153, "etime": 1727400177272153, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50019, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400202585345, "etime": 1727400202585345, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50045, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400094921892, "etime": 1727400094921892, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49995, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400214969047, "etime": 1727400214969047, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50061, 
"dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400174084142, "etime": 1727400174084142, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50015, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400094902779, "etime": 1727400094902779, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49994, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400163834704, "etime": 1727400163834704, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50003, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400188584360, "etime": 1727400188584360, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50032, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400208755749, "etime": 1727400208755749, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50053, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400181381094, "etime": 1727400181381094, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50024, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400194708764, "etime": 1727400194708764, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50038, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400191646235, "etime": 1727400191646235, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50035, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400201568438, "etime": 1727400201568438, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50044, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400219038623, "etime": 1727400219038623, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50065, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400204700309, "etime": 
1727400204700309, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50049, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400190631713, "etime": 1727400190631713, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50034, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400198381273, "etime": 1727400198381273, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50040, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400172052491, "etime": 1727400172052491, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50013, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400154943985, "etime": 1727400154943985, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49996, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400159757737, "etime": 1727400159757737, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 49999, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400205709644, "etime": 1727400205709644, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50050, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400199412101, "etime": 1727400199412101, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50041, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400184491350, "etime": 1727400184491350, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50028, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400186537584, "etime": 1727400186537584, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50030, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400181428970, "etime": 1727400181428970, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50025, 
"dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400202640070, "etime": 1727400202640070, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50046, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400166927247, "etime": 1727400166927247, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50007, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400175099773, "etime": 1727400175099773, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50016, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400203646825, "etime": 1727400203646825, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50047, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400179304495, "etime": 1727400179304495, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50021, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400160771471, "etime": 1727400160771471, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50000, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400216993899, "etime": 1727400216993899, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50063, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400161804771, "etime": 1727400161804771, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50001, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400170021335, "etime": 1727400170021335, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50011, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400206724540, "etime": 1727400206724540, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50051, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400212868656, "etime": 
1727400212868656, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50058, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400167943835, "etime": 1727400167943835, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50008, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400182446920, "etime": 1727400182446920, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50026, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400180364973, "etime": 1727400180364973, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50023, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400214913337, "etime": 1727400214913337, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50060, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400175234948, "etime": 1727400175234948, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50017, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400187552678, "etime": 1727400187552678, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50031, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400218006046, "etime": 1727400218006046, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50064, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400193693380, "etime": 1727400193693380, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50037, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400197363469, "etime": 1727400197363469, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50039, "dest_port": 8900, "protocol": "tls", "result": "Normal"}, {"stime": 1727400210787399, "etime": 1727400210787399, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "src_port": 50055, 
"dest_port": 8900, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:43.265] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:43.265] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24684 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl?X-Amz-Date=20251210T023315Z&X-Amz-Expires=604800&X-Amz-Signature=3af48119e783e024ba8fd6773a9534e480354bc3a08de07c295d5e511347e3f2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:34:43.265] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:43.265] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:43.265] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:43.265] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:43.265] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:43.266] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:49.096] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl|result:{"code": 0, "total_count": 79, "abnormal_count": 0, "normal_count": 79, "alert_count": 0, "timestamp": 1765362889094, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727337288125723, "etime": 1727337288125723, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51934, "dest_port": 8070, "protocol": "tls", 
"result": "Normal"}, {"stime": 1727337305535748, "etime": 1727337305535748, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51956, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337260563455, "etime": 1727337260563455, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51906, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337257485770, "etime": 1727337257485770, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51903, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337248344413, "etime": 1727337248344413, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51894, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337271875984, "etime": 1727337271875984, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51918, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337250376254, "etime": 1727337250376254, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51896, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337287110391, "etime": 1727337287110391, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51933, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337264625901, "etime": 1727337264625901, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51910, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337301438713, "etime": 1727337301438713, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51950, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337289141645, "etime": 1727337289141645, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51935, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337272891615, "etime": 1727337272891615, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51919, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337246313398, "etime": 1727337246313398, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51892, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337273907288, "etime": 1727337273907288, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51920, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337278984986, "etime": 1727337278984986, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51925, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337268839814, "etime": 1727337268839814, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51915, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337276954287, "etime": 1727337276954287, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51923, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337245297624, "etime": 1727337245297624, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51891, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337242251059, "etime": 1727337242251059, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51888, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337244281877, "etime": 1727337244281877, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51890, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337280001957, "etime": 1727337280001957, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51926, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337291172793, "etime": 1727337291172793, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51937, "dest_port": 8070, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727337295315597, "etime": 1727337295315597, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51943, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337265643006, "etime": 1727337265643006, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51911, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337275938205, "etime": 1727337275938205, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51922, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337282032129, "etime": 1727337282032129, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51928, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337252407480, "etime": 1727337252407480, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51898, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337286094609, "etime": 1727337286094609, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51932, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337267690324, "etime": 1727337267690324, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51913, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337270861316, "etime": 1727337270861316, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51917, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337283048014, "etime": 1727337283048014, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51929, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337253422615, "etime": 1727337253422615, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51899, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337291220930, "etime": 1727337291220930, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51938, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337292235191, "etime": 1727337292235191, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51939, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337238189065, "etime": 1727337238189065, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51884, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337295284357, "etime": 1727337295284357, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51942, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337297344578, "etime": 1727337297344578, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51945, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337298403046, "etime": 1727337298403046, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51947, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337303500977, "etime": 1727337303500977, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51953, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337262595659, "etime": 1727337262595659, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51908, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337237175081, "etime": 1727337237175081, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51883, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337256469437, "etime": 1727337256469437, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51902, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337243266949, "etime": 1727337243266949, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51889, "dest_port": 8070, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727337266657233, "etime": 1727337266657233, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51912, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337299407439, "etime": 1727337299407439, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51948, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337304516442, "etime": 1727337304516442, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51954, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337305532162, "etime": 1727337305532162, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51955, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337232063887, "etime": 1727337232063887, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51880, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337281016394, "etime": 1727337281016394, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51927, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337290157454, "etime": 1727337290157454, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51936, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337263606586, "etime": 1727337263606586, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51909, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337254438581, "etime": 1727337254438581, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51900, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337259547879, "etime": 1727337259547879, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51905, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337234094423, "etime": 1727337234094423, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51882, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337285079344, "etime": 1727337285079344, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51931, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337296329338, "etime": 1727337296329338, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51944, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337294266475, "etime": 1727337294266475, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51941, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337301481504, "etime": 1727337301481504, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51951, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337261579160, "etime": 1727337261579160, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51907, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337269844804, "etime": 1727337269844804, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51916, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337298360155, "etime": 1727337298360155, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51946, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337239203809, "etime": 1727337239203809, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51885, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337302486537, "etime": 1727337302486537, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51952, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337258516791, "etime": 1727337258516791, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51904, "dest_port": 8070, "protocol": 
"tls", "result": "Normal"}, {"stime": 1727337274922656, "etime": 1727337274922656, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51921, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337268704296, "etime": 1727337268704296, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51914, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337293251734, "etime": 1727337293251734, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51940, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337251391639, "etime": 1727337251391639, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51897, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337240219861, "etime": 1727337240219861, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51886, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337172049728, "etime": 1727337172049728, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51879, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337247329223, "etime": 1727337247329223, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51893, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337284063244, "etime": 1727337284063244, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51930, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337172030785, "etime": 1727337172030785, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51878, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337249360585, "etime": 1727337249360585, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51895, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337300423156, "etime": 1727337300423156, "src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51949, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337233079124, "etime": 1727337233079124, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51881, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337277969821, "etime": 1727337277969821, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51924, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337255453838, "etime": 1727337255453838, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51901, "dest_port": 8070, "protocol": "tls", "result": "Normal"}, {"stime": 1727337241235334, "etime": 1727337241235334, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 51887, "dest_port": 8070, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:49.096] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:49.096] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26335 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023318Z&X-Amz-Signature=d212606a2796a4b70a2d2c9aec3c7ba43d3a8fba95eab5cd9bbcffc82a8fd5a0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:34:49.096] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:49.096] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:49.096] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module 
so_code_cnn [2025-12-10 10:34:49.096] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:49.096] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:49.096] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:54.583] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl|result:{"code": 0, "total_count": 75, "abnormal_count": 0, "normal_count": 75, "alert_count": 0, "timestamp": 1765362894582, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727340156522084, "etime": 1727340156522084, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54211, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340139990993, "etime": 1727340139990993, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54192, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340196193980, "etime": 1727340196193980, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54253, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340199241379, "etime": 1727340199241379, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54256, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340153459480, "etime": 1727340153459480, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54208, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340178773135, "etime": 1727340178773135, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54234, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340168459944, "etime": 1727340168459944, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54221, "dest_port": 8090, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727340153319601, "etime": 1727340153319601, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54207, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340146147471, "etime": 1727340146147471, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54200, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340170506760, "etime": 1727340170506760, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54223, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340178726663, "etime": 1727340178726663, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54233, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340169492688, "etime": 1727340169492688, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54222, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340177694575, "etime": 1727340177694575, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54232, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340142053214, "etime": 1727340142053214, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54195, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340199286830, "etime": 1727340199286830, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54257, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340163631648, "etime": 1727340163631648, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54218, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340147164457, "etime": 1727340147164457, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54201, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340173600731, "etime": 1727340173600731, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.132", "src_port": 54227, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340171573340, "etime": 1727340171573340, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54225, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340183850332, "etime": 1727340183850332, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54239, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340137960255, "etime": 1727340137960255, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54190, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340171539133, "etime": 1727340171539133, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54224, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340192084843, "etime": 1727340192084843, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54248, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340148178621, "etime": 1727340148178621, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54202, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340158553232, "etime": 1727340158553232, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54213, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340174649696, "etime": 1727340174649696, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54229, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340152287684, "etime": 1727340152287684, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54206, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340185990954, "etime": 1727340185990954, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54242, "dest_port": 8090, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727340187008759, "etime": 1727340187008759, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54243, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340191069359, "etime": 1727340191069359, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54247, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340198225398, "etime": 1727340198225398, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54255, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340157539710, "etime": 1727340157539710, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54212, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340201335185, "etime": 1727340201335185, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54259, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340180803615, "etime": 1727340180803615, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54236, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340203370481, "etime": 1727340203370481, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54262, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340167454302, "etime": 1727340167454302, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54220, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340159569280, "etime": 1727340159569280, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54214, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340202350375, "etime": 1727340202350375, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54260, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340077947554, "etime": 1727340077947554, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.132", "src_port": 54189, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340172584976, "etime": 1727340172584976, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54226, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340182834721, "etime": 1727340182834721, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54238, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340203366304, "etime": 1727340203366304, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54261, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340197209582, "etime": 1727340197209582, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54254, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340140020417, "etime": 1727340140020417, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54193, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340166407711, "etime": 1727340166407711, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54219, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340151274762, "etime": 1727340151274762, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54205, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340181819346, "etime": 1727340181819346, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54237, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340141037801, "etime": 1727340141037801, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54194, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340138975039, "etime": 1727340138975039, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54191, "dest_port": 8090, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727340179787755, "etime": 1727340179787755, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54235, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340190053422, "etime": 1727340190053422, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54246, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340184982227, "etime": 1727340184982227, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54241, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340174618284, "etime": 1727340174618284, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54228, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340189038147, "etime": 1727340189038147, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54245, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340149229919, "etime": 1727340149229919, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54203, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340195131741, "etime": 1727340195131741, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54251, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340077931946, "etime": 1727340077931946, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54188, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340195177928, "etime": 1727340195177928, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54252, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340160585010, "etime": 1727340160585010, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54215, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340188022355, "etime": 1727340188022355, "src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.132", "src_port": 54244, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340154475799, "etime": 1727340154475799, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54209, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340143070032, "etime": 1727340143070032, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54196, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340176680363, "etime": 1727340176680363, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54231, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340184866155, "etime": 1727340184866155, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54240, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340200303249, "etime": 1727340200303249, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54258, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340144084998, "etime": 1727340144084998, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54197, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340194115798, "etime": 1727340194115798, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54250, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340150241019, "etime": 1727340150241019, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54204, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340175663093, "etime": 1727340175663093, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54230, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340145100487, "etime": 1727340145100487, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54198, "dest_port": 8090, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727340155506999, "etime": 1727340155506999, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54210, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340162616171, "etime": 1727340162616171, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54217, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340193100393, "etime": 1727340193100393, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54249, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340145142059, "etime": 1727340145142059, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54199, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727340161600338, "etime": 1727340161600338, "src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "src_port": 54216, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:34:54.583] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:34:54.584] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26336 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T023321Z&X-Amz-Signature=93d9db8a995b63a7c5b1831e8f28617c977cc3820acadc7d28d43f3343def9dd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:34:54.584] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:54.584] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib 
[2025-12-10 10:34:54.584] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:54.584] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:54.584] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:54.584] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:54.661] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362894660, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645853080072, "etime": 1726645853080072, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49305, "dest_port": 50050, "protocol": "tls", "result": "Behinder"}]} [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:34:54.661] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24685 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0f87566ff61ed142d6216f9375f507c8ec41b0024ef2c32f7bf973bb64880fe3&X-Amz-Date=20251210T023324Z"} [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:54.661] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:34:54.743] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl|result:{"code": 1, "total_count": 1, "abnormal_count": 1, "normal_count": 0, "alert_count": 1, "timestamp": 1765362894742, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1726645853080072, "etime": 1726645853080072, "src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "src_port": 49305, "dest_port": 50050, "protocol": 
"tls", "result": "Behinder"}]} [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-10 10:34:54.743] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26337 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T023327Z&X-Amz-SignedHeaders=host&X-Amz-Signature=7957e7fe44c3522a2657f25281209b37716efb5628a9d1759eb7391b04edda1d"} [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:34:54.743] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:34:54.744] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:35:00.428] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl|result:{"code": 0, "total_count": 76, "abnormal_count": 0, "normal_count": 76, "alert_count": 0, "timestamp": 1765362900426, "module": "anquanchu", "proto": "tls", "alerted": false, 
"details": [{"stime": 1727322974075436, "etime": 1727322974075436, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51452, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322958035146, "etime": 1727322958035146, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51437, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322988292473, "etime": 1727322988292473, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51466, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322987276716, "etime": 1727322987276716, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51465, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323004622476, "etime": 1727323004622476, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51483, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322994387763, "etime": 1727322994387763, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51472, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323002586957, "etime": 1727323002586957, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51481, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322938471502, "etime": 1727322938471502, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51415, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322947714133, "etime": 1727322947714133, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51425, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322980167841, "etime": 1727322980167841, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51458, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322957980318, "etime": 1727322957980318, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "src_port": 51436, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322951839747, "etime": 1727322951839747, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51430, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322967199007, "etime": 1727322967199007, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51446, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322995401829, "etime": 1727322995401829, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51473, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322961090325, "etime": 1727322961090325, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51440, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323000479628, "etime": 1727323000479628, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51478, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322960074690, "etime": 1727322960074690, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51439, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322941542728, "etime": 1727322941542728, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51418, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322945682947, "etime": 1727322945682947, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51423, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322949745623, "etime": 1727322949745623, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51427, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322950830865, "etime": 1727322950830865, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51429, "dest_port": 8090, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727322956948553, "etime": 1727322956948553, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51435, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322964136219, "etime": 1727322964136219, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51443, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322976105138, "etime": 1727322976105138, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51454, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322950760952, "etime": 1727322950760952, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51428, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322973058525, "etime": 1727322973058525, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51451, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322978136673, "etime": 1727322978136673, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51456, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322970848642, "etime": 1727322970848642, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51448, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322943590400, "etime": 1727322943590400, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51420, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322965151819, "etime": 1727322965151819, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51444, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322979151823, "etime": 1727322979151823, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51457, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322984230240, "etime": 1727322984230240, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "src_port": 51462, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322977120507, "etime": 1727322977120507, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51455, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322985247332, "etime": 1727322985247332, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51463, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322999465397, "etime": 1727322999465397, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51477, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322948730553, "etime": 1727322948730553, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51426, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323003605432, "etime": 1727323003605432, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51482, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322983215770, "etime": 1727322983215770, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51461, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322989307935, "etime": 1727322989307935, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51467, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322998448938, "etime": 1727322998448938, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51476, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323007667075, "etime": 1727323007667075, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51486, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322942573660, "etime": 1727322942573660, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51419, "dest_port": 8090, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727323005636479, "etime": 1727323005636479, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51484, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322878383440, "etime": 1727322878383440, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51412, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322952854712, "etime": 1727322952854712, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51431, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322939480718, "etime": 1727322939480718, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51416, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322946699277, "etime": 1727322946699277, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51424, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322954886445, "etime": 1727322954886445, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51433, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322968215495, "etime": 1727322968215495, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51447, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322971854681, "etime": 1727322971854681, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51449, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323002511532, "etime": 1727323002511532, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51480, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322959042522, "etime": 1727322959042522, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51438, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322940527323, "etime": 1727322940527323, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "src_port": 51417, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322938417795, "etime": 1727322938417795, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51414, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322962105406, "etime": 1727322962105406, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51441, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322975089373, "etime": 1727322975089373, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51453, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322944671646, "etime": 1727322944671646, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51422, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323007678235, "etime": 1727323007678235, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51487, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322963120354, "etime": 1727322963120354, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51442, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322953870854, "etime": 1727322953870854, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51432, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322996417303, "etime": 1727322996417303, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51474, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322955934088, "etime": 1727322955934088, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51434, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322972049423, "etime": 1727322972049423, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51450, "dest_port": 8090, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727322878398341, "etime": 1727322878398341, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51413, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322991339300, "etime": 1727322991339300, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51469, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322981182975, "etime": 1727322981182975, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51459, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322982198438, "etime": 1727322982198438, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51460, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322993373837, "etime": 1727322993373837, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51471, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323001496073, "etime": 1727323001496073, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51479, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727323006652812, "etime": 1727323006652812, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51485, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322990324140, "etime": 1727322990324140, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51468, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322992355101, "etime": 1727322992355101, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51470, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322944605017, "etime": 1727322944605017, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51421, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322997433636, "etime": 1727322997433636, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "src_port": 51475, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322966167575, "etime": 1727322966167575, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51445, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727322986261309, "etime": 1727322986261309, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 51464, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:35:00.428] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:35:00.428] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26338 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6b1bb0e4e2062a0aca00ecf3427e4a9642b36a06e91b041bd044f33baabb40cc&X-Amz-Date=20251210T023330Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:35:00.428] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:35:00.428] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:35:00.428] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:35:00.428] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:35:00.428] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:35:00.429] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:35:03.218] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) 
bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl|result:{"code": 1, "total_count": 38, "abnormal_count": 2, "normal_count": 36, "alert_count": 2, "timestamp": 1765362903217, "module": "anquanchu", "proto": "tls", "alerted": true, "details": [{"stime": 1727153145560682, "etime": 1727153145560682, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55692, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153175547929, "etime": 1727153175547929, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55719, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153169129941, "etime": 1727153169129941, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55712, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727153164096916, "etime": 1727153164096916, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55710, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153151754059, "etime": 1727153151754059, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55698, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153162047286, "etime": 1727153162047286, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55708, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153163084978, "etime": 1727153163084978, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55709, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153156915259, "etime": 1727153156915259, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55703, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153170153846, "etime": 1727153170153846, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55713, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 
1727153158968182, "etime": 1727153158968182, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153148658667, "etime": 1727153148658667, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55695, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153153831494, "etime": 1727153153831494, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55700, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153172232469, "etime": 1727153172232469, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55715, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153171196701, "etime": 1727153171196701, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55714, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153152791784, "etime": 1727153152791784, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55699, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153157936668, "etime": 1727153157936668, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55704, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153159993715, "etime": 1727153159993715, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55706, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153146609375, "etime": 1727153146609375, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55693, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153154863030, "etime": 1727153154863030, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55701, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153142845007, "etime": 1727153142845007, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55690, 
"dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153150731798, "etime": 1727153150731798, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55697, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153165128390, "etime": 1727153165128390, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55711, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153173256450, "etime": 1727153173256450, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55716, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153155886578, "etime": 1727153155886578, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55702, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153174276898, "etime": 1727153174276898, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55717, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153176565608, "etime": 1727153176565608, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55720, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153177587039, "etime": 1727153177587039, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55721, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153161021303, "etime": 1727153161021303, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55707, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153179642620, "etime": 1727153179642620, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55723, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153180683870, "etime": 1727153180683870, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153178617548, "etime": 1727153178617548, "src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55722, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153147632337, "etime": 1727153147632337, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55694, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153144518185, "etime": 1727153144518185, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55691, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1727153174535170, "etime": 1727153174535170, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55718, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153180666712, "etime": 1727153180666712, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55725, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153082775216, "etime": 1727153082775216, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55684, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153149696835, "etime": 1727153149696835, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55696, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1727153080149443, "etime": 1727153080149443, "src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "src_port": 55683, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:308) 上报kafka. 
[2025-12-10 10:35:03.218] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26339 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023333Z&X-Amz-Expires=604800&X-Amz-Signature=315d9c818d0e91891d0b7459af18e13d2e4aff21a92110e277e98f438e0220fb"} [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:35:03.218] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:35:03.219] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:35:08.858] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl|result:{"code": 0, "total_count": 76, "abnormal_count": 0, "normal_count": 76, "alert_count": 0, "timestamp": 1765362908856, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727332909502966, "etime": 1727332909502966, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52079, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332894597608, "etime": 1727332894597608, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52065, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332868830671, "etime": 1727332868830671, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52037, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332891550380, "etime": 1727332891550380, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52062, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332870936869, "etime": 1727332870936869, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52040, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332873971158, "etime": 1727332873971158, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52043, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332876049933, "etime": 1727332876049933, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52046, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332899268119, "etime": 1727332899268119, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52068, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332886471842, "etime": 1727332886471842, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52057, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332879112700, "etime": 1727332879112700, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52049, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332889518358, "etime": 1727332889518358, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52060, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332870861956, "etime": 1727332870861956, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52039, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332910519355, "etime": 1727332910519355, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52080, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332883377515, "etime": 1727332883377515, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52054, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332783286318, "etime": 1727332783286318, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52009, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332911534062, "etime": 1727332911534062, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52081, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332878096172, "etime": 1727332878096172, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52048, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332843300087, "etime": 1727332843300087, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52010, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332845330905, "etime": 1727332845330905, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52012, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332897248210, "etime": 1727332897248210, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52066, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332871940539, "etime": 1727332871940539, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52041, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332898253143, "etime": 1727332898253143, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52067, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332885456485, "etime": 1727332885456485, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52056, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332890534134, "etime": 1727332890534134, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52061, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332853550255, "etime": 1727332853550255, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52021, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332856649479, "etime": 1727332856649479, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52025, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332861721321, "etime": 1727332861721321, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52030, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332908409567, "etime": 1727332908409567, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52077, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332908496930, "etime": 1727332908496930, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52078, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332852534238, "etime": 1727332852534238, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52020, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332904346641, "etime": 1727332904346641, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52073, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332857659277, "etime": 1727332857659277, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52026, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332847444335, "etime": 1727332847444335, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52015, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332846346417, "etime": 1727332846346417, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52013, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332875043825, "etime": 1727332875043825, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52045, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332864768007, "etime": 1727332864768007, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52033, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332877065138, "etime": 1727332877065138, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52047, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332865784120, "etime": 1727332865784120, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52034, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332863752559, "etime": 1727332863752559, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52032, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332874987844, "etime": 1727332874987844, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52044, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332881143820, "etime": 1727332881143820, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52051, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332882362105, "etime": 1727332882362105, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52053, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332854566481, "etime": 1727332854566481, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52022, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332862737092, "etime": 1727332862737092, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52031, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332848455887, "etime": 1727332848455887, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52016, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332866799515, "etime": 1727332866799515, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52035, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332860706798, "etime": 1727332860706798, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52029, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332880127395, "etime": 1727332880127395, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52050, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332893580604, "etime": 1727332893580604, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52064, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332907393795, "etime": 1727332907393795, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52076, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332849471753, "etime": 1727332849471753, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52017, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332847362976, "etime": 1727332847362976, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52014, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332884393222, "etime": 1727332884393222, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52055, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332872956309, "etime": 1727332872956309, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52042, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332858675318, "etime": 1727332858675318, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52027, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332856596687, "etime": 1727332856596687, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52024, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332855580964, "etime": 1727332855580964, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52023, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332901299504, "etime": 1727332901299504, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52070, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332844315420, "etime": 1727332844315420, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52011, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332906377671, "etime": 1727332906377671, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52075, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332902314938, "etime": 1727332902314938, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52071, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332850487662, "etime": 1727332850487662, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52018, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332912558786, "etime": 1727332912558786, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52083, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332900283871, "etime": 1727332900283871, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52069, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332859690295, "etime": 1727332859690295, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52028, "dest_port": 8090, 
"protocol": "tls", "result": "Normal"}, {"stime": 1727332881353396, "etime": 1727332881353396, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52052, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332851519627, "etime": 1727332851519627, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52019, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332905362956, "etime": 1727332905362956, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52074, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332912550090, "etime": 1727332912550090, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52082, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332887486779, "etime": 1727332887486779, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52058, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332892564877, "etime": 1727332892564877, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52063, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332867816195, "etime": 1727332867816195, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52036, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332783270806, "etime": 1727332783270806, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52008, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332869846413, "etime": 1727332869846413, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52038, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332888502660, "etime": 1727332888502660, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52059, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332903331845, "etime": 1727332903331845, 
"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52072, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:35:08.858] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:35:08.858] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24686 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl?X-Amz-Date=20251210T023337Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8010df4e2113920868b7112bbe868b44d72f95dee351653950b896bc3c2686e4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:35:08.858] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:35:08.858] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:35:08.858] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:35:08.858] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:35:08.858] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:35:08.858] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:35:13.646] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl|result:{"code": 0, "total_count": 64, "abnormal_count": 0, "normal_count": 64, "alert_count": 0, "timestamp": 1765362913645, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727317500286797, "etime": 1727317500286797, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "src_port": 49884, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317421326802, "etime": 1727317421326802, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49860, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317503332949, "etime": 1727317503332949, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49887, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317482484882, "etime": 1727317482484882, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49863, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317486785204, "etime": 1727317486785204, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49869, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317504347813, "etime": 1727317504347813, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49888, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317513004877, "etime": 1727317513004877, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49895, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317527321304, "etime": 1727317527321304, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49910, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317514019727, "etime": 1727317514019727, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49896, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317534473726, "etime": 1727317534473726, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49918, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317501301598, "etime": 1727317501301598, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49885, "dest_port": 8990, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727317509962139, "etime": 1727317509962139, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49892, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317485771727, "etime": 1727317485771727, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49868, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317511988679, "etime": 1727317511988679, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49894, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317499066510, "etime": 1727317499066510, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49882, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317526254284, "etime": 1727317526254284, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49908, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317481379991, "etime": 1727317481379991, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49862, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317528332930, "etime": 1727317528332930, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49911, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317533456841, "etime": 1727317533456841, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49917, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317516050621, "etime": 1727317516050621, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49898, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317520113688, "etime": 1727317520113688, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49902, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317531378513, "etime": 1727317531378513, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "src_port": 49914, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317527269388, "etime": 1727317527269388, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49909, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317484675843, "etime": 1727317484675843, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49866, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317493985619, "etime": 1727317493985619, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49877, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317495004265, "etime": 1727317495004265, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49878, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317532394821, "etime": 1727317532394821, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49915, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317497035560, "etime": 1727317497035560, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49880, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317517066840, "etime": 1727317517066840, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49899, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317535488845, "etime": 1727317535488845, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49919, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317530362815, "etime": 1727317530362815, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49913, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317490847867, "etime": 1727317490847867, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49873, "dest_port": 8990, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727317536503759, "etime": 1727317536503759, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49920, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317493895675, "etime": 1727317493895675, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49876, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317519097324, "etime": 1727317519097324, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49901, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317491863137, "etime": 1727317491863137, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49874, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317537520041, "etime": 1727317537520041, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49921, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317492878820, "etime": 1727317492878820, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49875, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317538542884, "etime": 1727317538542884, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49923, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317488816912, "etime": 1727317488816912, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49871, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317483582260, "etime": 1727317483582260, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49864, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317506379479, "etime": 1727317506379479, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49890, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317515035473, "etime": 1727317515035473, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "src_port": 49897, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317532452185, "etime": 1727317532452185, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49916, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317518083050, "etime": 1727317518083050, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49900, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317489831728, "etime": 1727317489831728, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49872, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317487800832, "etime": 1727317487800832, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49870, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317538534793, "etime": 1727317538534793, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49922, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317485708258, "etime": 1727317485708258, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49867, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317529347741, "etime": 1727317529347741, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49912, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317496019402, "etime": 1727317496019402, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49879, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317483660790, "etime": 1727317483660790, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49865, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317523176018, "etime": 1727317523176018, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49905, "dest_port": 8990, "protocol": "tls", "result": 
"Normal"}, {"stime": 1727317522144492, "etime": 1727317522144492, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49904, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317507394605, "etime": 1727317507394605, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49891, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317421358328, "etime": 1727317421358328, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49861, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317502316248, "etime": 1727317502316248, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49886, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317499239567, "etime": 1727317499239567, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49883, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317505363098, "etime": 1727317505363098, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49889, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317524207751, "etime": 1727317524207751, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49906, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317525223764, "etime": 1727317525223764, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49907, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317521128762, "etime": 1727317521128762, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49903, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317498051196, "etime": 1727317498051196, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "src_port": 49881, "dest_port": 8990, "protocol": "tls", "result": "Normal"}, {"stime": 1727317510973579, "etime": 1727317510973579, "src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "src_port": 49893, "dest_port": 8990, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:35:13.646] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 10:35:13.646] [DEBUG] [tid:127829042783936] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25090 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=f9aefc52e55e68dae821db79a783563215d5dd527047366525a86328d98586ab&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023340Z"} [2025-12-10 10:35:13.646] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 10:35:13.646] [INFO] [tid:127829042783936] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 10:35:13.646] [INFO] [tid:127829042783936] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 10:35:13.646] [INFO] [tid:127829042783936] (AiModule.cpp:20) get func load [2025-12-10 10:35:13.646] [INFO] [tid:127829042783936] (AiModule.cpp:29) prepare args for load [2025-12-10 10:35:13.647] [INFO] [tid:127829042783936] (AiModule.cpp:39) load result:0 [2025-12-10 10:35:18.964] [DEBUG] [tid:127829042783936] (AiModule.cpp:93) bucket:2025-12-10|object:10/output/cnn/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl|result:{"code": 0, "total_count": 71, "abnormal_count": 0, "normal_count": 71, "alert_count": 0, "timestamp": 1765362918963, "module": "anquanchu", "proto": "tls", "alerted": false, "details": [{"stime": 1727333055138781, "etime": 1727333055138781, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
52104, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332979580438, "etime": 1727332979580438, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52084, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333056143844, "etime": 1727333056143844, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52105, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333092862513, "etime": 1727333092862513, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52143, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333102112179, "etime": 1727333102112179, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52153, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333061298458, "etime": 1727333061298458, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52111, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333082628810, "etime": 1727333082628810, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52132, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333091848131, "etime": 1727333091848131, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52142, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333040832501, "etime": 1727333040832501, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52089, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333049988045, "etime": 1727333049988045, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52098, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333099034011, "etime": 1727333099034011, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52150, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333039612838, 
"etime": 1727333039612838, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52087, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333077550824, "etime": 1727333077550824, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52127, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333072472286, "etime": 1727333072472286, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52122, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333051003203, "etime": 1727333051003203, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52099, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333078565930, "etime": 1727333078565930, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52128, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333083644094, "etime": 1727333083644094, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52133, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333098019664, "etime": 1727333098019664, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52149, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333101097214, "etime": 1727333101097214, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52152, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333067394452, "etime": 1727333067394452, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52117, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333044909839, "etime": 1727333044909839, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52093, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333097003724, "etime": 1727333097003724, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
52148, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333046940625, "etime": 1727333046940625, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52095, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333041847983, "etime": 1727333041847983, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52090, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333043897652, "etime": 1727333043897652, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52092, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333042862374, "etime": 1727333042862374, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52091, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333085675241, "etime": 1727333085675241, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52135, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333093962737, "etime": 1727333093962737, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52145, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333086737314, "etime": 1727333086737314, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52137, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333075519396, "etime": 1727333075519396, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52125, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333085730085, "etime": 1727333085730085, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52136, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333059206948, "etime": 1727333059206948, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52108, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333076534467, 
"etime": 1727333076534467, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52126, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333094971711, "etime": 1727333094971711, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52146, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333062317108, "etime": 1727333062317108, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52112, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333052019224, "etime": 1727333052019224, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52100, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333047956185, "etime": 1727333047956185, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52096, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333048971853, "etime": 1727333048971853, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52097, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333065362295, "etime": 1727333065362295, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52115, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333071456582, "etime": 1727333071456582, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52121, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727332979596685, "etime": 1727332979596685, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52085, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333061237730, "etime": 1727333061237730, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52110, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333088768575, "etime": 1727333088768575, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
52139, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333073487584, "etime": 1727333073487584, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52123, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333095988229, "etime": 1727333095988229, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52147, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333079582328, "etime": 1727333079582328, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52129, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333089784213, "etime": 1727333089784213, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52140, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333053034668, "etime": 1727333053034668, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52101, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333070440471, "etime": 1727333070440471, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52120, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333039817948, "etime": 1727333039817948, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52088, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333058175760, "etime": 1727333058175760, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52107, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333055066337, "etime": 1727333055066337, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52103, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333063330990, "etime": 1727333063330990, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52113, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333068409241, 
"etime": 1727333068409241, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52118, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333074503499, "etime": 1727333074503499, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52124, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333093878205, "etime": 1727333093878205, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52144, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333057160669, "etime": 1727333057160669, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52106, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333045925159, "etime": 1727333045925159, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52094, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333060221863, "etime": 1727333060221863, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52109, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333087753164, "etime": 1727333087753164, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52138, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333064346911, "etime": 1727333064346911, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52114, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333103137076, "etime": 1727333103137076, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52155, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333066378017, "etime": 1727333066378017, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52116, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333081613034, "etime": 1727333081613034, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 
52131, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333054050763, "etime": 1727333054050763, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52102, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333084659217, "etime": 1727333084659217, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52134, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333103128548, "etime": 1727333103128548, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52154, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333090800098, "etime": 1727333090800098, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52141, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333100082468, "etime": 1727333100082468, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52151, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333080597054, "etime": 1727333080597054, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52130, "dest_port": 8090, "protocol": "tls", "result": "Normal"}, {"stime": 1727333069425701, "etime": 1727333069425701, "src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "src_port": 52119, "dest_port": 8090, "protocol": "tls", "result": "Normal"}]} [2025-12-10 10:35:18.965] [INFO] [tid:127829042783936] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000